PT-2026-25918 · Sipeed · Sipeed Nanokvm
Reynaldo Vasquez Garcia
·
Published
2026-03-17
·
Updated
2026-03-18
·
CVE-2026-32296
CVSS v4.0
8.8
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Sipeed NanoKVM versions prior to 2.3.1
Description
Sipeed NanoKVM exposes a Wi-Fi configuration endpoint without appropriate security measures. An unauthenticated attacker with network access can modify the saved Wi-Fi network configuration to one of their choosing. Additionally, an attacker can create a request to deplete system memory and terminate the KVM process. The vulnerable endpoint is a Wi-Fi configuration endpoint. The
network configuration can be altered by an attacker.Recommendations
Update Sipeed NanoKVM to version 2.3.1 or later.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sipeed Nanokvm