CVE-2024-2161
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Kiloview | NDI | N3 Firmware 2.02.0227 | unaffected |
| Kiloview | NDI | N3-s Firmware 2.02.0227 | unaffected |
| Kiloview | NDI | N4 Firmware 2.02.0227 | unaffected |
| Kiloview | NDI | N20 Firmware 2.02.0227 | unaffected |
| Kiloview | NDI | N30 Firmware 2.02.0227 | unaffected |
| Kiloview | NDI | N40 Firmware 2.02.0227 | unaffected |
Weaknesses
- CWE-798: CWE-798 Use of Hard-coded Credentials
Workarounds
Restrict access to the management interface of all affected Kiloview devices by applying strict firewall rules or other available means.
ADP Enrichment
CVE Program Container
Additional References
- https://www.kiloview.com/en/support/download/n3-for-ndi/
- https://www.kiloview.com/en/support/download/n3-s-firmware-download/
- https://www.kiloview.com/en/support/download/1779/
- https://www.kiloview.com/en/support/download/n20-firmware-download/
- https://www.kiloview.com/en/support/download/n30-for-ndi/
- https://www.kiloview.com/en/support/download/n40/
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
- https://www.kiloview.com/en/support/download/n3-for-ndi/
- https://www.kiloview.com/en/support/download/n3-s-firmware-download/
- https://www.kiloview.com/en/support/download/1779/
- https://www.kiloview.com/en/support/download/n20-firmware-download/
- https://www.kiloview.com/en/support/download/n30-for-ndi/
- https://www.kiloview.com/en/support/download/n40/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.