ES3 KVM
OS command execution in Angeet ES3 KVM allows authenticated administrators to execute arbitrary system commands through improper input validation in the cfg.lua script. An attacker with high-level privileges can leverage this vulnerability to achieve complete system compromise with high impact on confidentiality, integrity, and availability. No patch is currently available for this critical vulnerability.
The Angeet ES3 KVM device contains an arbitrary file write vulnerability allowing remote, unauthenticated attackers to modify system files including configuration files and binaries, potentially leading to complete system compromise. All versions of the ES3 KVM appear to be affected based on EUVD version data (ES3 KVM 0 <*). This vulnerability has been reported by CISA and documented in their CSAF advisory VA-26-076-01, though no active exploitation (KEV) status has been indicated at this time.