Paul Asadoorian

**Name of the Vulnerable Software and Affected Versions** JetKVM versions prior to 0.5.4 **Description** The software does not verify the authenticity of downloaded firmware files. An attacker positioned between the user and the server, or a compromised update server, could modify the firmware and its SHA256 hash to bypass the verification process. **Recommendations** Update to version 0.5.4 or later.

**Name of the Vulnerable Software and Affected Versions** JetKVM versions prior to 0.5.4 **Description** The software does not limit the rate of login requests, which allows for brute-force attempts to guess credentials. This impacts KVM-over-IP devices lacking brute-force protection. **Recommendations** Update JetKVM to version 0.5.4 or later.