
How Cheap KVMs Could Be Your Network's Weak Link - BTS #70
From Below the Surface (Audio) - The Supply Chain Security Podcast by Eclypsium
March 25, 2026 · 1h 3m · Episode 70
About this episode
The episode discusses the security vulnerabilities of low-cost IP-based KVMs and best practices for securing them.
In this episode, we explore the security vulnerabilities of low-cost IP-based KVMs, including firmware flaws, default credentials, and insecure update mechanisms. Two Eclypsium researchers, Paul and Rey, discovered the vulnerabilities and shared the details and behind-the-scenes details! We also discuss real-world testing, vendor responses, and best practices for securing remote management devices in enterprise environments. Chapters 00:00 Introduction to KVM Vulnerabilities 03:00 Research Background and Team Introduction 05:57 Exploring GLINet and Initial Findings 09:03 Firmware Analysis and Security Expectations 11:58 Vulnerability Disclosure and Response 15:07 Enterprise Risks and Deployment Concerns 17:59 Security Best Practices for KVMs 21:06 Vendor Responses and Community Engagement 23:49 Unique Vulnerabilities in SiP and JetKVM 27:01 Conclusion and Future Directions 31:26 Vulnerability Research and Tool Development 34:14 Vendor Communication and Disclosure Challenges 37:51 Firmware Update Issues and Security Concerns 39:12 The Importance of Reviews and Brand Trust 41:42 Security Best Practices for KVMs 45:38 Network Segmentation and Device Security 49:26 Discovering IoT…
People in this episode
Guests: Paul, Rey
Topics covered
- KVM vulnerabilities
- security best practices
- firmware flaws
- remote management devices
- vendor responses
- enterprise risks
Keywords
- KVM security
- firmware analysis
- default credentials
- insecure updates
- vulnerability disclosure
- network security
- IoT devices
Mentioned in this episode
Organizations: Eclypsium
Products: KVMs, GLINet, SiP, JetKVM
More episodes of Below the Surface (Audio) - The Supply Chain Security Podcast
- Uncovering Firmware Risks: From Y2K to Modern Malware - BTS #73 · May 7, 2026 · 55 min
- AI-Powered Firmware Hacking: The Future of Vulnerability Discovery - BTS #72 · April 17, 2026 · 59 min
- What Makes a Device a Router? - BTS #71 · April 7, 2026 · 1h 2m
- Navigating Network Edge Vulnerabilities - BTS #69 · March 5, 2026 · 1h 4m
- Attacking Power Grids - BTS #68 · February 11, 2026 · 1h 2m
- BIOS Password Cracking, Secure Boot, and Stackwarp - BTS #67 · January 27, 2026 · 1h 0m
Explore listener stats, chart rankings, contacts and more on the Below the Surface (Audio) - The Supply Chain Security Podcast podcast page.