CVE-2026-32297 identifies a critical security flaw in the ANGEET ES3 KVM (Keyboard, Video, Mouse) switch device, which is used to control multiple computers from a single console. The vulnerability stems from a missing authentication mechanism (CWE-306) for critical functions that allow file writes. Specifically, a remote attacker can write arbitrary files, including configuration files or system binaries, without any authentication or user interaction. This flaw enables attackers to modify or replace system components, potentially leading to complete system takeover. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H) indicates network attack vector, low complexity, no privileges or user interaction required, and high impact on integrity and scope, with a critical severity score of 9.3. The vulnerability affects version 0 of the product, with no patches currently available and no known exploits in the wild. Given the nature of KVM devices as critical infrastructure components often used in sensitive environments, exploitation could allow attackers to gain persistent control over multiple connected systems, bypassing traditional endpoint security controls.

The impact of this vulnerability is significant for organizations relying on ANGEET ES3 KVM devices, particularly in sectors such as government, defense, finance, and critical infrastructure. Successful exploitation allows attackers to write arbitrary files remotely without authentication, leading to potential full system compromise. This can result in unauthorized access to sensitive data, disruption of operations, installation of persistent malware, and lateral movement within networks. Since KVM devices often bridge multiple systems, a single compromised device could serve as a pivot point to attack connected endpoints, amplifying the scope of the breach. The lack of authentication and ease of exploitation increase the risk of automated attacks and rapid spread. Organizations may face operational downtime, data breaches, regulatory penalties, and reputational damage if this vulnerability is exploited.

1. Immediately isolate ANGEET ES3 KVM devices from untrusted networks and restrict access to trusted administrators only. 2. Implement strict network segmentation to limit exposure of KVM devices to the internet or broad internal networks. 3. Monitor file integrity on KVM devices and connected systems for unauthorized changes, using file integrity monitoring tools. 4. Employ network intrusion detection/prevention systems (IDS/IPS) to detect anomalous traffic targeting KVM devices. 5. Engage with the vendor ANGEET for patches or firmware updates addressing this vulnerability; apply them promptly once available. 6. If patches are unavailable, consider disabling remote management features or replacing vulnerable devices with alternatives that enforce strong authentication. 7. Conduct regular security audits and penetration testing focused on KVM and peripheral devices to identify and remediate similar risks. 8. Educate IT and security teams about the risks associated with KVM devices and enforce strict access control policies.