CVE-2024-2162
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges.
This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Kiloview | NDI | N3 Firmware 2.02.0227 | unaffected |
| Kiloview | NDI | N3-s Firmware 2.02.0227 | unaffected |
| Kiloview | NDI | N4 Firmware 2.02.0227 | unaffected |
| Kiloview | NDI | N20 Firmware 2.02.0227 | unaffected |
| Kiloview | NDI | N30 Firmware 2.02.0227 | unaffected |
| Kiloview | NDI | N40 Firmware 2.02.0227 | unaffected |
Weaknesses
- CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Workarounds
Restrict access to the management interface of all affected Kiloview devices by applying strict firewall rules or other available means.
ADP Enrichment
CVE Program Container
Additional References
- https://www.kiloview.com/en/support/download/n3-for-ndi/
- https://www.kiloview.com/en/support/download/n3-s-firmware-download/
- https://www.kiloview.com/en/support/download/1779/
- https://www.kiloview.com/en/support/download/n20-firmware-download/
- https://www.kiloview.com/en/support/download/n30-for-ndi/
- https://www.kiloview.com/en/support/download/n40/
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.kiloview.com/en/support/download/n3-for-ndi/
- https://www.kiloview.com/en/support/download/n3-s-firmware-download/
- https://www.kiloview.com/en/support/download/1779/
- https://www.kiloview.com/en/support/download/n20-firmware-download/
- https://www.kiloview.com/en/support/download/n30-for-ndi/
- https://www.kiloview.com/en/support/download/n40/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.