Researchers have found nine vulnerabilities in four popular low-cost KVM-over-IP devices, ranging from unauthenticated command injection to weak authentication defenses and insecure firmware updates. The flaws are particularly concerning given the growing presence of such devices in business environments, whether deployed intentionally by IT administrators and managed service providers or introduced as shadow IT. KVM-over-IP devices enable users to control computers remotely as if they were physically present, with full keyboard, video, and mouse access, including at the BIOS level when the OS is not running. Enterprises have long relied on rack-mounted multi-port KVM switches that include s...