CVE-2024-2161

Summary

Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .

Affected Software

VendorProductVersion RangeStatus
KiloviewNDIN3 Firmware 2.02.0227unaffected
KiloviewNDIN3-s Firmware 2.02.0227unaffected
KiloviewNDIN4 Firmware 2.02.0227unaffected
KiloviewNDIN20 Firmware 2.02.0227unaffected
KiloviewNDIN30 Firmware 2.02.0227unaffected
KiloviewNDIN40 Firmware 2.02.0227unaffected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

Workarounds

Restrict access to the management interface of all affected Kiloview devices by applying strict firewall rules or other available means.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References