
    6 vulnerabilities found for NDI by Kiloview

    CVE-2025-9265 (GCVE-0-2025-9265)

    Vulnerability from nvd – Published: 2025-10-13 06:57 – Updated: 2025-10-14 13:19
    VLAI
    Title
    API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products
    Summary
    A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state-changing actions that should only be initiated by administrators. This issue affects Kiloview NDI N30 and was fixed in firmware versions later than 2.02.0246.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    • CWE-290 - Authentication Bypass by Spoofing
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Kiloview NDI Affected: 2.02.246 (N30 Firmware)
    Credits
    Joakim Brandt - NRK (Norsk rikskringkasting AS) Louis Dumas

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9265",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T13:19:29.801041Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T13:19:43.818Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.kiloview.com/en/support/download/n30-for-ndi/",
              "defaultStatus": "affected",
              "product": "NDI",
              "vendor": "Kiloview",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.02.246",
                  "versionType": "N30 Firmware"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Joakim Brandt - NRK (Norsk rikskringkasting AS)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Louis Dumas"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administrators\u003cp\u003eThis issue affects \n\n Kiloview NDI N30\n\nand was fixed in Firmware version later than  2.02.0246\n\n\u003c/p\u003e"
                }
              ],
              "value": "A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects \n\n Kiloview NDI N30\n\nand was fixed in Firmware version later than  2.02.0246"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-22",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-22 Exploiting Trust in Client"
                }
              ]
            },
            {
              "capecId": "CAPEC-21",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-21 Exploitation of Trusted Identifiers"
                }
              ]
            },
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115: Authentication Bypass."
                }
              ]
            },
            {
              "capecId": "CAPEC-151",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-151 Identity Spoofing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-13T06:57:45.195Z",
            "orgId": "455daabc-a392-441d-aa46-37d35189897c",
            "shortName": "NCSC.ch"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n30-firmware-downloadlatest/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
        "assignerShortName": "NCSC.ch",
        "cveId": "CVE-2025-9265",
        "datePublished": "2025-10-13T06:57:45.195Z",
        "dateReserved": "2025-08-20T14:20:57.768Z",
        "dateUpdated": "2025-10-14T13:19:43.818Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2162 (GCVE-0-2024-2162)

    Vulnerability from nvd – Published: 2024-03-21 06:00 – Updated: 2024-08-27 20:10
    VLAI
    Title
    Authenticated Remote Code Execution in Kiloview NDI N series products
    Summary
    An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in firmware version 2.02.0227.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview NDI Unaffected: N3 Firmware 2.02.0227
    Unaffected: N3-s Firmware 2.02.0227
    Unaffected: N4 Firmware 2.02.0227
    Unaffected: N20 Firmware 2.02.0227
    Unaffected: N30 Firmware 2.02.0227
    Unaffected: N40 Firmware 2.02.0227
    kiloview ndi_n3_firmware Affected: 2.02.0227
        cpe:2.3:o:kiloview:ndi_n3_firmware:2.02.0227:*:*:*:*:*:*:*
    kiloview ndi_n3-s_firmware Affected: 2.02.0227
        cpe:2.3:o:kiloview:ndi_n3-s_firmware:2.02.0227:*:*:*:*:*:*:*
    kiloview ndi_n4_firmware Affected: 2.02.0227
        cpe:2.3:o:kiloview:ndi_n4_firmware:2.02.0227:*:*:*:*:*:*:*
    kiloview ndi_n20_firmware Affected: 2.02.0227
        cpe:2.3:o:kiloview:ndi_n20_firmware:2.02.0227:*:*:*:*:*:*:*
    kiloview ndi_n30_firmware Affected: 2.02.0227
        cpe:2.3:o:kiloview:ndi_n30_firmware:2.02.0227:*:*:*:*:*:*:*
    kiloview ndi_n40_firmware Affected: 2.02.0227
        cpe:2.3:o:kiloview:ndi_n40_firmware:2.02.0227:*:*:*:*:*:*:*
    Credits
    Milan Duric, EBU

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:03:38.899Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n3-for-ndi/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n3-s-firmware-download/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/1779/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n20-firmware-download/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n30-for-ndi/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n40/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:ndi_n3_firmware:2.02.0227:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ndi_n3_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.02.0227"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:ndi_n3-s_firmware:2.02.0227:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ndi_n3-s_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.02.0227"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:ndi_n4_firmware:2.02.0227:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ndi_n4_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.02.0227"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:ndi_n20_firmware:2.02.0227:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ndi_n20_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.02.0227"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:ndi_n30_firmware:2.02.0227:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ndi_n30_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.02.0227"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:ndi_n40_firmware:2.02.0227:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ndi_n40_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.02.0227"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2162",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-28T19:04:38.388761Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T20:10:16.134Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "NDI",
              "vendor": "Kiloview",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "N3 Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N3-s Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N4 Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N20 Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N30 Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N40 Firmware 2.02.0227"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Milan Duric, EBU"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges.\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges.\n\nThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-21T06:00:35.823Z",
            "orgId": "455daabc-a392-441d-aa46-37d35189897c",
            "shortName": "NCSC.ch"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n3-for-ndi/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n3-s-firmware-download/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/1779/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n20-firmware-download/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n30-for-ndi/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n40/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to the firmware  2.02.0227 or later\u003cbr\u003e"
                }
              ],
              "value": "Upgrade to the firmware  2.02.0227 or later\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Remote Code Execution in Kiloview NDI N series products",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Restrict access to the \nmanagement interface of all affected Kiloview devices by applying strict firewall rules or other available means.\n\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Restrict access to the \nmanagement interface of all affected Kiloview devices by applying strict firewall rules or other available means.\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
        "assignerShortName": "NCSC.ch",
        "cveId": "CVE-2024-2162",
        "datePublished": "2024-03-21T06:00:35.823Z",
        "dateReserved": "2024-03-04T13:18:32.464Z",
        "dateUpdated": "2024-08-27T20:10:16.134Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2161 (GCVE-0-2024-2161)

    Vulnerability from nvd – Published: 2024-03-21 06:00 – Updated: 2024-08-02 15:06
    VLAI
    Title
    Use of Hard-coded Credentials in Kiloview NDI N series products API middleware
    Summary
    Use of Hard-coded Credentials in Kiloview NDI allows unauthenticated users to bypass authentication. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in firmware version 2.02.0227.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview NDI Unaffected: N3 Firmware 2.02.0227
    Unaffected: N3-s Firmware 2.02.0227
    Unaffected: N4 Firmware 2.02.0227
    Unaffected: N20 Firmware 2.02.0227
    Unaffected: N30 Firmware 2.02.0227
    Unaffected: N40 Firmware 2.02.0227
    kiloview ndi_n4_firmware Affected: 2.02.0227
        cpe:2.3:o:kiloview:ndi_n20_firmware:2.02.0227:*:*:*:*:*:*:*
        cpe:2.3:o:kiloview:ndi_n30_firmware:2.02.0227:*:*:*:*:*:*:*
        cpe:2.3:o:kiloview:ndi_n3_firmware:2.02.0227:*:*:*:*:*:*:*
        cpe:2.3:o:kiloview:ndi_n3-s_firmware:2.02.0227:*:*:*:*:*:*:*
        cpe:2.3:o:kiloview:ndi_n40_firmware:2.02.0227:*:*:*:*:*:*:*
        cpe:2.3:o:kiloview:ndi_n4_firmware:2.02.0227:*:*:*:*:*:*:*
    Credits
    Milan Duric, EBU

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:03:39.093Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n3-for-ndi/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n3-s-firmware-download/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/1779/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n20-firmware-download/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n30-for-ndi/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n40/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:ndi_n20_firmware:2.02.0227:*:*:*:*:*:*:*",
                  "cpe:2.3:o:kiloview:ndi_n30_firmware:2.02.0227:*:*:*:*:*:*:*",
                  "cpe:2.3:o:kiloview:ndi_n3_firmware:2.02.0227:*:*:*:*:*:*:*",
                  "cpe:2.3:o:kiloview:ndi_n3-s_firmware:2.02.0227:*:*:*:*:*:*:*",
                  "cpe:2.3:o:kiloview:ndi_n40_firmware:2.02.0227:*:*:*:*:*:*:*",
                  "cpe:2.3:o:kiloview:ndi_n4_firmware:2.02.0227:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ndi_n4_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.02.0227"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2161",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T15:00:37.605387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:06:30.673Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "NDI",
              "vendor": "Kiloview",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "N3 Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N3-s Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N4 Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N20 Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N30 Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N40 Firmware 2.02.0227"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Milan Duric, EBU"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authentication\u003cp\u003eThis issue affects\u0026nbsp;Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version\u0026nbsp;2.02.0227 .\u003c/p\u003e"
                }
              ],
              "value": "Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects\u00a0Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version\u00a02.02.0227 .\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-21T06:00:17.957Z",
            "orgId": "455daabc-a392-441d-aa46-37d35189897c",
            "shortName": "NCSC.ch"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n3-for-ndi/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n3-s-firmware-download/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/1779/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n20-firmware-download/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n30-for-ndi/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n40/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to the firmware  2.02.0227 or later\u003cbr\u003e"
                }
              ],
              "value": "Upgrade to the firmware  2.02.0227 or later\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use of Hard-coded Credentials in Kiloview NDI N series products API middleware",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Restrict access to the \nmanagement interface of all affected Kiloview devices by applying strict firewall rules or other available means.\n\u003cbr\u003e"
                }
              ],
              "value": "Restrict access to the \nmanagement interface of all affected Kiloview devices by applying strict firewall rules or other available means.\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
        "assignerShortName": "NCSC.ch",
        "cveId": "CVE-2024-2161",
        "datePublished": "2024-03-21T06:00:17.957Z",
        "dateReserved": "2024-03-04T13:18:31.014Z",
        "dateUpdated": "2024-08-02T15:06:30.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-9265 (GCVE-0-2025-9265)

    Vulnerability from cvelistv5 – Published: 2025-10-13 06:57 – Updated: 2025-10-14 13:19
    VLAI
    Title
    API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products
    Summary
    A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state-changing actions that should only be initiated by administrators. This issue affects Kiloview NDI N30 and was fixed in firmware versions later than 2.02.0246.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-346 - Origin Validation Error
    • CWE-290 - Authentication Bypass by Spoofing
    • CWE-287 - Improper Authentication
    Assigner
    References
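    Impacted products (note: the version below is written 2.02.246 while the summary writes 2.02.0246; these presumably name the same N30 build, and the record's default status is "affected", so confirm the installed firmware against the vendor release notes)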
    Vendor Product Version
    Kiloview NDI Affected: 2.02.246 (N30 Firmware)
    Credits
    Joakim Brandt - NRK (Norsk rikskringkasting AS) Louis Dumas

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-9265",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T13:19:29.801041Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T13:19:43.818Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.kiloview.com/en/support/download/n30-for-ndi/",
              "defaultStatus": "affected",
              "product": "NDI",
              "vendor": "Kiloview",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.02.246",
                  "versionType": "N30 Firmware"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Joakim Brandt - NRK (Norsk rikskringkasting AS)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Louis Dumas"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administrators\u003cp\u003eThis issue affects \n\n Kiloview NDI N30\n\nand was fixed in Firmware version later than  2.02.0246\n\n\u003c/p\u003e"
                }
              ],
              "value": "A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects \n\n Kiloview NDI N30\n\nand was fixed in Firmware version later than  2.02.0246"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-22",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-22 Exploiting Trust in Client"
                }
              ]
            },
            {
              "capecId": "CAPEC-21",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-21 Exploitation of Trusted Identifiers"
                }
              ]
            },
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115: Authentication Bypass."
                }
              ]
            },
            {
              "capecId": "CAPEC-151",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-151 Identity Spoofing"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-346",
                  "description": "CWE-346 Origin Validation Error",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-13T06:57:45.195Z",
            "orgId": "455daabc-a392-441d-aa46-37d35189897c",
            "shortName": "NCSC.ch"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n30-firmware-downloadlatest/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
        "assignerShortName": "NCSC.ch",
        "cveId": "CVE-2025-9265",
        "datePublished": "2025-10-13T06:57:45.195Z",
        "dateReserved": "2025-08-20T14:20:57.768Z",
        "dateUpdated": "2025-10-14T13:19:43.818Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2162 (GCVE-0-2024-2162)

    Vulnerability from cvelistv5 – Published: 2024-03-21 06:00 – Updated: 2024-08-27 20:10
    VLAI
    Title
    Authenticated Remote Code Execution in Kiloview NDI N series products
    Summary
    An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in firmware version 2.02.0227.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
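    Impacted products (note: the CNA entry lists firmware 2.02.0227 as unaffected, while the CISA ADP CPE entries list 2.02.0227 as affected; the summary states the fix is in 2.02.0227, so confirm the fixed build against the vendor release notes before relying on either status)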
    Vendor Product Version
    Kiloview NDI Unaffected: N3 Firmware 2.02.0227
    Unaffected: N3-s Firmware 2.02.0227
    Unaffected: N4 Firmware 2.02.0227
    Unaffected: N20 Firmware 2.02.0227
    Unaffected: N30 Firmware 2.02.0227
    Unaffected: N40 Firmware 2.02.0227
    kiloview ndi_n3_firmware Affected: 2.02.0227
        cpe:2.3:o:kiloview:ndi_n3_firmware:2.02.0227:*:*:*:*:*:*:*
    kiloview ndi_n3-s_firmware Affected: 2.02.0227
        cpe:2.3:o:kiloview:ndi_n3-s_firmware:2.02.0227:*:*:*:*:*:*:*
    kiloview ndi_n4_firmware Affected: 2.02.0227
        cpe:2.3:o:kiloview:ndi_n4_firmware:2.02.0227:*:*:*:*:*:*:*
    kiloview ndi_n20_firmware Affected: 2.02.0227
        cpe:2.3:o:kiloview:ndi_n20_firmware:2.02.0227:*:*:*:*:*:*:*
    kiloview ndi_n30_firmware Affected: 2.02.0227
        cpe:2.3:o:kiloview:ndi_n30_firmware:2.02.0227:*:*:*:*:*:*:*
    kiloview ndi_n40_firmware Affected: 2.02.0227
        cpe:2.3:o:kiloview:ndi_n40_firmware:2.02.0227:*:*:*:*:*:*:*
    Credits
    Milan Duric, EBU

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:03:38.899Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n3-for-ndi/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n3-s-firmware-download/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/1779/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n20-firmware-download/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n30-for-ndi/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n40/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:ndi_n3_firmware:2.02.0227:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ndi_n3_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.02.0227"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:ndi_n3-s_firmware:2.02.0227:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ndi_n3-s_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.02.0227"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:ndi_n4_firmware:2.02.0227:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ndi_n4_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.02.0227"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:ndi_n20_firmware:2.02.0227:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ndi_n20_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.02.0227"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:ndi_n30_firmware:2.02.0227:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ndi_n30_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.02.0227"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:ndi_n40_firmware:2.02.0227:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ndi_n40_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.02.0227"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2162",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-28T19:04:38.388761Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-27T20:10:16.134Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "NDI",
              "vendor": "Kiloview",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "N3 Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N3-s Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N4 Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N20 Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N30 Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N40 Firmware 2.02.0227"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Milan Duric, EBU"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges.\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges.\n\nThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-21T06:00:35.823Z",
            "orgId": "455daabc-a392-441d-aa46-37d35189897c",
            "shortName": "NCSC.ch"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n3-for-ndi/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n3-s-firmware-download/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/1779/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n20-firmware-download/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n30-for-ndi/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n40/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to the firmware  2.02.0227 or later\u003cbr\u003e"
                }
              ],
              "value": "Upgrade to the firmware  2.02.0227 or later\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Remote Code Execution in Kiloview NDI N series products",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Restrict access to the \nmanagement interface of all affected Kiloview devices by applying strict firewall rules or other available means.\n\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Restrict access to the \nmanagement interface of all affected Kiloview devices by applying strict firewall rules or other available means.\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
        "assignerShortName": "NCSC.ch",
        "cveId": "CVE-2024-2162",
        "datePublished": "2024-03-21T06:00:35.823Z",
        "dateReserved": "2024-03-04T13:18:32.464Z",
        "dateUpdated": "2024-08-27T20:10:16.134Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2161 (GCVE-0-2024-2161)

    Vulnerability from cvelistv5 – Published: 2024-03-21 06:00 – Updated: 2024-08-02 15:06
    VLAI
    Title
    Use of Hard-coded Credentials in Kiloview NDI N series products API middleware
    Summary
    Use of Hard-coded Credentials in Kiloview NDI allows unauthenticated users to bypass authentication. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in firmware version 2.02.0227.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
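    Impacted products (note: the CNA entry lists firmware 2.02.0227 as unaffected, while the CISA ADP entry lists 2.02.0227 as affected and groups all six model CPEs under the single product name ndi_n4_firmware; the summary states the fix is in 2.02.0227, so confirm the fixed build against the vendor release notes before relying on either status)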
    Vendor Product Version
    Kiloview NDI Unaffected: N3 Firmware 2.02.0227
    Unaffected: N3-s Firmware 2.02.0227
    Unaffected: N4 Firmware 2.02.0227
    Unaffected: N20 Firmware 2.02.0227
    Unaffected: N30 Firmware 2.02.0227
    Unaffected: N40 Firmware 2.02.0227
    kiloview ndi_n4_firmware Affected: 2.02.0227
        cpe:2.3:o:kiloview:ndi_n20_firmware:2.02.0227:*:*:*:*:*:*:*
        cpe:2.3:o:kiloview:ndi_n30_firmware:2.02.0227:*:*:*:*:*:*:*
        cpe:2.3:o:kiloview:ndi_n3_firmware:2.02.0227:*:*:*:*:*:*:*
        cpe:2.3:o:kiloview:ndi_n3-s_firmware:2.02.0227:*:*:*:*:*:*:*
        cpe:2.3:o:kiloview:ndi_n40_firmware:2.02.0227:*:*:*:*:*:*:*
        cpe:2.3:o:kiloview:ndi_n4_firmware:2.02.0227:*:*:*:*:*:*:*
    Credits
    Milan Duric, EBU

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:03:39.093Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n3-for-ndi/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n3-s-firmware-download/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/1779/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n20-firmware-download/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n30-for-ndi/"
              },
              {
                "tags": [
                  "release-notes",
                  "x_transferred"
                ],
                "url": "https://www.kiloview.com/en/support/download/n40/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:ndi_n20_firmware:2.02.0227:*:*:*:*:*:*:*",
                  "cpe:2.3:o:kiloview:ndi_n30_firmware:2.02.0227:*:*:*:*:*:*:*",
                  "cpe:2.3:o:kiloview:ndi_n3_firmware:2.02.0227:*:*:*:*:*:*:*",
                  "cpe:2.3:o:kiloview:ndi_n3-s_firmware:2.02.0227:*:*:*:*:*:*:*",
                  "cpe:2.3:o:kiloview:ndi_n40_firmware:2.02.0227:*:*:*:*:*:*:*",
                  "cpe:2.3:o:kiloview:ndi_n4_firmware:2.02.0227:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "affected",
                "product": "ndi_n4_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "status": "affected",
                    "version": "2.02.0227"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2161",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T15:00:37.605387Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:06:30.673Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "NDI",
              "vendor": "Kiloview",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "N3 Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N3-s Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N4 Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N20 Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N30 Firmware 2.02.0227"
                },
                {
                  "status": "unaffected",
                  "version": "N40 Firmware 2.02.0227"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Milan Duric, EBU"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authentication\u003cp\u003eThis issue affects\u0026nbsp;Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version\u0026nbsp;2.02.0227 .\u003c/p\u003e"
                }
              ],
              "value": "Use of Hard-coded Credentials in Kiloview NDI allows unauthenticated users to bypass authentication. This issue affects\u00a0Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version\u00a02.02.0227.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-21T06:00:17.957Z",
            "orgId": "455daabc-a392-441d-aa46-37d35189897c",
            "shortName": "NCSC.ch"
          },
          "references": [
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n3-for-ndi/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n3-s-firmware-download/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/1779/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n20-firmware-download/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n30-for-ndi/"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://www.kiloview.com/en/support/download/n40/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Upgrade to firmware 2.02.0227 or later.\u003cbr\u003e"
                }
              ],
              "value": "Upgrade to firmware 2.02.0227 or later.\n"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Use of Hard-coded Credentials in Kiloview NDI N series products API middleware",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Restrict access to the management interface of all affected Kiloview devices by applying strict firewall rules or other available means.\u003cbr\u003e"
                }
              ],
              "value": "Restrict access to the management interface of all affected Kiloview devices by applying strict firewall rules or other available means.\n\n"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
        "assignerShortName": "NCSC.ch",
        "cveId": "CVE-2024-2161",
        "datePublished": "2024-03-21T06:00:17.957Z",
        "dateReserved": "2024-03-04T13:18:31.014Z",
        "dateUpdated": "2024-08-02T15:06:30.673Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }