EUVD-2026-12610CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Lifecycle Timeline
4Description
Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate the KVM process.
Analysis
A critical authentication bypass vulnerability in Sipeed NanoKVM KVM-over-IP devices allows unauthenticated remote attackers to hijack Wi-Fi configurations or crash the device through memory exhaustion. The vulnerability affects NanoKVM versions before 2.3.1 and enables attackers with network access to redirect the device to attacker-controlled networks or cause denial of service. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all Sipeed NanoKVM devices in your environment and identify those running versions before 2.3.1. Within 7 days: Apply vendor patch 2.3.1 or later to all affected devices, prioritizing production and critical infrastructure systems. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today