CVE-2026-1453

Summary

A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.

Affected Software

VendorProductVersion RangeStatus
KiloViewEncoder Series E1 hardware Version 1.44.7.2516affected
KiloViewEncoder Series E1 hardware Version 1.6.204.7.2511affected
KiloViewEncoder Series E1 hardware Version 1.6.204.8.2523affected
KiloViewEncoder Series E1 hardware Version 1.6.204.8.2611affected
KiloViewEncoder Series E1 hardware Version 1.6.204.6.2400affected
KiloViewEncoder Series E1 hardware Version 1.6.204.7.2512affected
KiloViewEncoder Series E1 hardware Version 1.6.204.8.2561affected
KiloViewEncoder Series E1 hardware Version 1.6.204.8.2554affected
KiloViewEncoder Series E1 hardware Version 1.6.204.3.2029affected
KiloViewEncoder Series E1 hardware Version 1.6.204.8.2555affected
KiloViewEncoder Series E1 hardware Version 1.6.204.6.2408affected
KiloViewEncoder Series E1-s hardware Version 1.44.7.2516affected
KiloViewEncoder Series E1-s hardware Version 1.44.8.2519affected
KiloViewEncoder Series E1-s hardware Version 1.44.8.2525affected
KiloViewEncoder Series E1-s hardware Version 1.44.8.2611affected
KiloViewEncoder Series E1-s hardware Version 1.44.8.2561affected
KiloViewEncoder Series E1-s hardware Version 1.44.8.2554affected
KiloViewEncoder Series E1-s hardware Version 1.44.8.2523affected
KiloViewEncoder Series E2 hardware Version 1.7.204.8.2611affected
KiloViewEncoder Series E2 hardware Version 1.7.204.8.2561affected
KiloViewEncoder Series E2 hardware Version 1.8.204.8.2523affected
KiloViewEncoder Series E2 hardware Version 1.8.204.8.2611affected
KiloViewEncoder Series E2 hardware Version 1.8.204.8.2554affected
KiloViewEncoder Series G1 hardware Version 1.6.204.8.2561affected
KiloViewEncoder Series P1 hardware Version 1.3.204.8.2633affected
KiloViewEncoder Series P1 hardware Version 1.3.204.8.2608affected
KiloViewEncoder Series P2 hardware Version 1.8.204.8.2633affected
KiloViewEncoder Series RE1 hardware Version 2.0.004.7.2513affected
KiloViewEncoder Series RE1 hardware Version 3.0.004.8.2519affected
KiloViewEncoder Series RE1 hardware Version 3.0.004.8.2561affected
KiloViewEncoder Series RE1 hardware Version 3.0.004.8.2611affected
KiloViewEncoder Series RE1 hardware Version 3.0.004.8.2525affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

Workarounds

KiloView has not responded to requests to work with CISA to mitigate this vulnerability. Users of affected versions of KiloView Encoder Series are invited to contact KiloView customer support for additional information.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References