Search

Find a vulnerability

Search criteria

    20 vulnerabilities found for P1/P2 by Kiloview

    CVE-2023-41928 (GCVE-0-2023-41928)

    Vulnerability from nvd – Published: 2024-07-02 07:43 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Remote server offers deprecated TLS protocol in Kiloview P1/P2 devices
    Summary
    The device is observed to accept deprecated TLS protocols, increasing the risk of cryptographic weaknesses.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41928",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T15:39:39.501176Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-09T15:39:48.584Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.433Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe device is observed to accept deprecated TLS protocols, increasing the risk of cryptographic weaknesses.\u003cbr\u003e\u003c/p\u003e\n\n\n\n\n\n"
                }
              ],
              "value": "The device is observed to accept deprecated TLS protocols, increasing the risk of cryptographic weaknesses."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-97",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-97 Cryptanalysis"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T07:43:31.998Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Remote server offers deprecated TLS protocol in Kiloview P1/P2 devices"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41928",
        "datePublished": "2024-07-02T07:43:31.998Z",
        "dateReserved": "2023-09-05T10:14:50.217Z",
        "dateUpdated": "2024-08-02T19:09:49.433Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41927 (GCVE-0-2023-41927)

    Vulnerability from nvd – Published: 2024-07-02 07:43 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Weak TLS Cipher Suites Supported in Kiloview P1/P2 devices
    Summary
    The server supports at least one cipher suite which is on the NCSC-NL list of cipher suites to be phased out, increasing the risk of cryptographic weaknesses.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Inadequate Encryption Strength
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41927",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T18:19:15.786596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T18:19:21.724Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.292Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eThe server supports at least one cipher suite which is on the NCSC-NL list of cipher suites to be phased out, increasing the risk of\ncryptographic weaknesses.\u003c/p\u003e\n\n\n\n\n\n\n\n"
                }
              ],
              "value": "The server supports at least one cipher suite which is on the NCSC-NL list of cipher suites to be phased out, increasing the risk of cryptographic weaknesses."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-97",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-97 Cryptanalysis"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327: Inadequate Encryption Strength",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T07:43:25.640Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Weak TLS Cipher Suites Supported in Kiloview P1/P2 devices"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41927",
        "datePublished": "2024-07-02T07:43:25.640Z",
        "dateReserved": "2023-09-05T10:14:50.217Z",
        "dateUpdated": "2024-08-02T19:09:49.292Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41926 (GCVE-0-2023-41926)

    Vulnerability from nvd – Published: 2024-07-02 07:43 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Insufficiently protected credentials in Kiloview P1/P2 devices
    Summary
    The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    kiloview p1_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    kiloview p2_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p1_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p2_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41926",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T10:55:55.881255Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T10:55:59.996Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.320Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials.\u003cbr\u003e\u003c/p\u003e\n\n\n\n\n\n"
                }
              ],
              "value": "The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-157",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-157 Sniffing Attacks"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T08:21:18.104Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficiently protected credentials in Kiloview P1/P2 devices"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41926",
        "datePublished": "2024-07-02T07:43:16.362Z",
        "dateReserved": "2023-09-05T10:14:50.217Z",
        "dateUpdated": "2024-08-02T19:09:49.320Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41923 (GCVE-0-2023-41923)

    Vulnerability from nvd – Published: 2024-07-02 07:42 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Weak Password Requirements in Kiloview P1/P2 devices
    Summary
    The user management section of the web application permits the creation of user accounts with excessively weak passwords, including single-character passwords.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    kiloview p1_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    kiloview p2_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p1_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p2_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41923",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T10:55:19.691029Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T10:55:26.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.428Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe user management section of the web application permits the creation of user accounts with excessively weak passwords, including single-character passwords.\u003c/p\u003e\n\n\n\n\n\n"
                }
              ],
              "value": "The user management section of the web application permits the creation of user accounts with excessively weak passwords, including single-character passwords."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-70",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-70 Try Common or Default Usernames and Passwords"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T08:21:08.341Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Weak Password Requirements in Kiloview P1/P2 devices"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41923",
        "datePublished": "2024-07-02T07:42:49.840Z",
        "dateReserved": "2023-09-05T10:14:50.216Z",
        "dateUpdated": "2024-08-02T19:09:49.428Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41922 (GCVE-0-2023-41922)

    Vulnerability from nvd – Published: 2024-07-02 07:42 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Kiloview P1/P2 devices
    Summary
    A 'Cross-site Scripting' (XSS) vulnerability, characterized by improper input neutralization during web page generation, has been discovered. This vulnerability allows for Stored XSS attacks to occur. Multiple areas within the administration interface of the webserver lack adequate input validation, resulting in multiple instances of Stored XSS vulnerabilities.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    kiloview p1_4g_video_encoder_firmware Affected: 0 , ≤ 4.8.2605 (custom)
        cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    kiloview p2_4g_video_encoder_firmware Affected: 0 , ≤ 4.8.2605 (custom)
        cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p1_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "4.8.2605",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p2_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "4.8.2605",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41922",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T14:01:30.394306Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T14:05:45.133Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.427Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA \u0027Cross-site Scripting\u0027 (XSS) vulnerability, characterized by improper\ninput neutralization during web page generation, has been discovered. This vulnerability allows for\nStored XSS attacks to occur. Multiple areas within the administration interface\nof the webserver lack adequate input validation, resulting in multiple\ninstances of Stored XSS vulnerabilities.\u003c/p\u003e\n\n\n\n\n\n"
                }
              ],
              "value": "A \u0027Cross-site Scripting\u0027 (XSS) vulnerability, characterized by improper input neutralization during web page generation, has been discovered. This vulnerability allows for Stored XSS attacks to occur. Multiple areas within the administration interface of the webserver lack adequate input validation, resulting in multiple instances of Stored XSS vulnerabilities."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T08:21:00.778Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) in Kiloview P1/P2 devices"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41922",
        "datePublished": "2024-07-02T07:42:42.031Z",
        "dateReserved": "2023-09-05T10:14:50.216Z",
        "dateUpdated": "2024-08-02T19:09:49.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41921 (GCVE-0-2023-41921)

    Vulnerability from nvd – Published: 2024-07-02 07:42 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Download of Code Without Integrity Check in Kiloview P1/P2 devices
    Summary
    A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. This vulnerability can allow attackers to modify the firmware before uploading it to the system, thus achieving the modification of the target’s integrity to achieve an insecure state.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-494 - Download of Code Without Integrity Check
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    kiloview p1_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    kiloview p2_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p1_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p2_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41921",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T10:51:11.223029Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T10:51:15.140Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.427Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgba(255, 255, 255, 0.7);\"\u003eA vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. This vulnerability can allow attackers to modify the firmware before uploading it to the system, thus achieving the modification of the target\u2019s integrity to achieve an insecure state.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
                }
              ],
              "value": "A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. This vulnerability can allow attackers to modify the firmware before uploading it to the system, thus achieving the modification of the target\u2019s integrity to achieve an insecure state."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-184",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-184 Software Integrity Attack"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-494",
                  "description": "CWE-494 Download of Code Without Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T08:20:37.969Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Download of Code Without Integrity Check in Kiloview P1/P2 devices"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41921",
        "datePublished": "2024-07-02T07:42:33.722Z",
        "dateReserved": "2023-09-05T10:14:50.216Z",
        "dateUpdated": "2024-08-02T19:09:49.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41920 (GCVE-0-2023-41920)

    Vulnerability from nvd – Published: 2024-07-02 07:42 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Authentication Bypass by Primary Weakness in Kiloview P1/P2 devices
    Summary
    The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-305 - Authentication Bypass by Primary Weakness
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    kiloview p1_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    kiloview p2_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p1_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p2_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41920",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T10:52:36.148784Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T10:52:42.017Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.386Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability allows attackers access to the root account without having to authenticate. \u003c/span\u003e\u003cspan style=\"background-color: rgba(255, 255, 255, 0.7);\"\u003eSpecifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in.\u003c/span\u003e\n\n"
                }
              ],
              "value": "The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "CWE-305 Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T08:20:30.865Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authentication Bypass by Primary Weakness in Kiloview P1/P2 devices"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41920",
        "datePublished": "2024-07-02T07:42:24.484Z",
        "dateReserved": "2023-09-05T10:14:50.216Z",
        "dateUpdated": "2024-08-02T19:09:49.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41919 (GCVE-0-2023-41919)

    Vulnerability from nvd – Published: 2024-07-02 07:42 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Use of Hard-coded Credentials in Kiloview P1/P2 devices
    Summary
    Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    kiloview p1_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    kiloview p2_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p1_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p2_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41919",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T10:53:12.633052Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T10:53:17.253Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.323Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eHardcoded credentials are discovered within the application\u0027s source code, creating a potential security risk for unauthorized access.\u003c/p\u003e\n\n\n\n\n\n"
                }
              ],
              "value": "Hardcoded credentials are discovered within the application\u0027s source code, creating a potential security risk for unauthorized access."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-70",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-70 Try Common or Default Usernames and Passwords"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T08:20:21.516Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use of Hard-coded Credentials in Kiloview P1/P2 devices"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41919",
        "datePublished": "2024-07-02T07:42:16.318Z",
        "dateReserved": "2023-09-05T10:14:50.216Z",
        "dateUpdated": "2024-08-02T19:09:49.323Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41918 (GCVE-0-2023-41918)

    Vulnerability from nvd – Published: 2024-07-02 07:42 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Missing Authentication for Critical Function in Kiloview P1/P2 devices
    Summary
    A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to unauthenticated execute commands potentially leading to unauthorized data manipulation, access to privileged functions, or even the execution of arbitrary code.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    kiloview p1_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    kiloview p2_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p1_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p2_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41918",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T10:53:42.844735Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T10:54:20.618Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.350Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability allows unauthorized access to functionality inadequately\nconstrained by ACLs. Attackers may exploit this to unauthenticated execute\ncommands potentially leading to unauthorized data manipulation, access to\nprivileged functions, or even the execution of arbitrary code.\u003c/p\u003e\n\n\n\n\n\n"
                }
              ],
              "value": "A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to unauthenticated execute commands potentially leading to unauthorized data manipulation, access to privileged functions, or even the execution of arbitrary code."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T08:20:11.611Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authentication for Critical Function in Kiloview P1/P2 devices"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41918",
        "datePublished": "2024-07-02T07:42:08.260Z",
        "dateReserved": "2023-09-05T10:14:50.216Z",
        "dateUpdated": "2024-08-02T19:09:49.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41917 (GCVE-0-2023-41917)

    Vulnerability from nvd – Published: 2024-07-02 07:41 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Improper input validation in Kiloview P1/P2 devices allows for remote code execution
    Summary
    Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    kiloview p1_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    kiloview p2_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p1_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p2_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41917",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T10:54:08.026724Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T10:54:13.365Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.069Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInadequate input validation\nexposes the system to potential remote code execution (RCE) risks. Attackers\ncan exploit this vulnerability by appending shell commands to the\nSpeed-Measurement feature, enabling unauthorized code execution.\u003c/p\u003e\n\n\n\n\n\n"
                }
              ],
              "value": "Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T08:20:00.588Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper input validation in Kiloview P1/P2 devices allows for remote code execution"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41917",
        "datePublished": "2024-07-02T07:41:28.397Z",
        "dateReserved": "2023-09-05T10:14:50.215Z",
        "dateUpdated": "2024-08-02T19:09:49.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41928 (GCVE-0-2023-41928)

    Vulnerability from cvelistv5 – Published: 2024-07-02 07:43 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Remote server offers deprecated TLS protocol in Kiloview P1/P2 devices
    Summary
    The device is observed to accept deprecated TLS protocols, increasing the risk of cryptographic weaknesses.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41928",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T15:39:39.501176Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-09T15:39:48.584Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.433Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe device is observed to accept deprecated TLS protocols, increasing the risk of cryptographic weaknesses.\u003cbr\u003e\u003c/p\u003e\n\n\n\n\n\n"
                }
              ],
              "value": "The device is observed to accept deprecated TLS protocols, increasing the risk of cryptographic weaknesses."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-97",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-97 Cryptanalysis"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T07:43:31.998Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Remote server offers deprecated TLS protocol in Kiloview P1/P2 devices"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41928",
        "datePublished": "2024-07-02T07:43:31.998Z",
        "dateReserved": "2023-09-05T10:14:50.217Z",
        "dateUpdated": "2024-08-02T19:09:49.433Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41927 (GCVE-0-2023-41927)

    Vulnerability from cvelistv5 – Published: 2024-07-02 07:43 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Weak TLS Cipher Suites Supported in Kiloview P1/P2 devices
    Summary
    The server supports at least one cipher suite which is on the NCSC-NL list of cipher suites to be phased out, increasing the risk of cryptographic weaknesses.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-327 - Inadequate Encryption Strength
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41927",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T18:19:15.786596Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T18:19:21.724Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.292Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cp\u003eThe server supports at least one cipher suite which is on the NCSC-NL list of cipher suites to be phased out, increasing the risk of\ncryptographic weaknesses.\u003c/p\u003e\n\n\n\n\n\n\n\n"
                }
              ],
              "value": "The server supports at least one cipher suite which is on the NCSC-NL list of cipher suites to be phased out, increasing the risk of cryptographic weaknesses."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-97",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-97 Cryptanalysis"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-327",
                  "description": "CWE-327: Inadequate Encryption Strength",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T07:43:25.640Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Weak TLS Cipher Suites Supported in Kiloview P1/P2 devices"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41927",
        "datePublished": "2024-07-02T07:43:25.640Z",
        "dateReserved": "2023-09-05T10:14:50.217Z",
        "dateUpdated": "2024-08-02T19:09:49.292Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41926 (GCVE-0-2023-41926)

    Vulnerability from cvelistv5 – Published: 2024-07-02 07:43 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Insufficiently protected credentials in Kiloview P1/P2 devices
    Summary
    The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-522 - Insufficiently Protected Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    kiloview p1_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    kiloview p2_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p1_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p2_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41926",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T10:55:55.881255Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T10:55:59.996Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.320Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials.\u003cbr\u003e\u003c/p\u003e\n\n\n\n\n\n"
                }
              ],
              "value": "The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-157",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-157 Sniffing Attacks"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-522",
                  "description": "CWE-522 Insufficiently Protected Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T08:21:18.104Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficiently protected credentials in Kiloview P1/P2 devices"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41926",
        "datePublished": "2024-07-02T07:43:16.362Z",
        "dateReserved": "2023-09-05T10:14:50.217Z",
        "dateUpdated": "2024-08-02T19:09:49.320Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41923 (GCVE-0-2023-41923)

    Vulnerability from cvelistv5 – Published: 2024-07-02 07:42 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Weak Password Requirements in Kiloview P1/P2 devices
    Summary
    The user management section of the web application permits the creation of user accounts with excessively weak passwords, including single-character passwords.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-521 - Weak Password Requirements
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    kiloview p1_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    kiloview p2_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p1_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p2_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41923",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T10:55:19.691029Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T10:55:26.955Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.428Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eThe user management section of the web application permits the creation of user accounts with excessively weak passwords, including single-character passwords.\u003c/p\u003e\n\n\n\n\n\n"
                }
              ],
              "value": "The user management section of the web application permits the creation of user accounts with excessively weak passwords, including single-character passwords."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-70",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-70 Try Common or Default Usernames and Passwords"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-521",
                  "description": "CWE-521 Weak Password Requirements",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T08:21:08.341Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Weak Password Requirements in Kiloview P1/P2 devices"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41923",
        "datePublished": "2024-07-02T07:42:49.840Z",
        "dateReserved": "2023-09-05T10:14:50.216Z",
        "dateUpdated": "2024-08-02T19:09:49.428Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41922 (GCVE-0-2023-41922)

    Vulnerability from cvelistv5 – Published: 2024-07-02 07:42 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Kiloview P1/P2 devices
    Summary
    A 'Cross-site Scripting' (XSS) vulnerability, characterized by improper input neutralization during web page generation, has been discovered. This vulnerability allows for Stored XSS attacks to occur. Multiple areas within the administration interface of the webserver lack adequate input validation, resulting in multiple instances of Stored XSS vulnerabilities.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    kiloview p1_4g_video_encoder_firmware Affected: 0 , ≤ 4.8.2605 (custom)
        cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    kiloview p2_4g_video_encoder_firmware Affected: 0 , ≤ 4.8.2605 (custom)
        cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p1_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "4.8.2605",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p2_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "4.8.2605",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41922",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T14:01:30.394306Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T14:05:45.133Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.427Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA \u0027Cross-site Scripting\u0027 (XSS) vulnerability, characterized by improper\ninput neutralization during web page generation, has been discovered. This vulnerability allows for\nStored XSS attacks to occur. Multiple areas within the administration interface\nof the webserver lack adequate input validation, resulting in multiple\ninstances of Stored XSS vulnerabilities.\u003c/p\u003e\n\n\n\n\n\n"
                }
              ],
              "value": "A \u0027Cross-site Scripting\u0027 (XSS) vulnerability, characterized by improper input neutralization during web page generation, has been discovered. This vulnerability allows for Stored XSS attacks to occur. Multiple areas within the administration interface of the webserver lack adequate input validation, resulting in multiple instances of Stored XSS vulnerabilities."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T08:21:00.778Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) in Kiloview P1/P2 devices"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41922",
        "datePublished": "2024-07-02T07:42:42.031Z",
        "dateReserved": "2023-09-05T10:14:50.216Z",
        "dateUpdated": "2024-08-02T19:09:49.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41921 (GCVE-0-2023-41921)

    Vulnerability from cvelistv5 – Published: 2024-07-02 07:42 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Download of Code Without Integrity Check in Kiloview P1/P2 devices
    Summary
    A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. This vulnerability can allow attackers to modify the firmware before uploading it to the system, thus achieving the modification of the target’s integrity to achieve an insecure state.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-494 - Download of Code Without Integrity Check
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    kiloview p1_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    kiloview p2_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p1_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p2_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41921",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T10:51:11.223029Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T10:51:15.140Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.427Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgba(255, 255, 255, 0.7);\"\u003eA vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. This vulnerability can allow attackers to modify the firmware before uploading it to the system, thus achieving the modification of the target\u2019s integrity to achieve an insecure state.\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
                }
              ],
              "value": "A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. This vulnerability can allow attackers to modify the firmware before uploading it to the system, thus achieving the modification of the target\u2019s integrity to achieve an insecure state."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-184",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-184 Software Integrity Attack"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-494",
                  "description": "CWE-494 Download of Code Without Integrity Check",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T08:20:37.969Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Download of Code Without Integrity Check in Kiloview P1/P2 devices"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41921",
        "datePublished": "2024-07-02T07:42:33.722Z",
        "dateReserved": "2023-09-05T10:14:50.216Z",
        "dateUpdated": "2024-08-02T19:09:49.427Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41920 (GCVE-0-2023-41920)

    Vulnerability from cvelistv5 – Published: 2024-07-02 07:42 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Authentication Bypass by Primary Weakness in Kiloview P1/P2 devices
    Summary
    The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-305 - Authentication Bypass by Primary Weakness
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    kiloview p1_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    kiloview p2_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p1_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p2_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41920",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T10:52:36.148784Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T10:52:42.017Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.386Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability allows attackers access to the root account without having to authenticate. \u003c/span\u003e\u003cspan style=\"background-color: rgba(255, 255, 255, 0.7);\"\u003eSpecifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in.\u003c/span\u003e\n\n"
                }
              ],
              "value": "The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "CWE-305 Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T08:20:30.865Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authentication Bypass by Primary Weakness in Kiloview P1/P2 devices"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41920",
        "datePublished": "2024-07-02T07:42:24.484Z",
        "dateReserved": "2023-09-05T10:14:50.216Z",
        "dateUpdated": "2024-08-02T19:09:49.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41919 (GCVE-0-2023-41919)

    Vulnerability from cvelistv5 – Published: 2024-07-02 07:42 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Use of Hard-coded Credentials in Kiloview P1/P2 devices
    Summary
    Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    kiloview p1_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    kiloview p2_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p1_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p2_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41919",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T10:53:12.633052Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T10:53:17.253Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.323Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eHardcoded credentials are discovered within the application\u0027s source code, creating a potential security risk for unauthorized access.\u003c/p\u003e\n\n\n\n\n\n"
                }
              ],
              "value": "Hardcoded credentials are discovered within the application\u0027s source code, creating a potential security risk for unauthorized access."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-70",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-70 Try Common or Default Usernames and Passwords"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798 Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T08:20:21.516Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Use of Hard-coded Credentials in Kiloview P1/P2 devices"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41919",
        "datePublished": "2024-07-02T07:42:16.318Z",
        "dateReserved": "2023-09-05T10:14:50.216Z",
        "dateUpdated": "2024-08-02T19:09:49.323Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41918 (GCVE-0-2023-41918)

    Vulnerability from cvelistv5 – Published: 2024-07-02 07:42 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Missing Authentication for Critical Function in Kiloview P1/P2 devices
    Summary
    A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to unauthenticated execute commands potentially leading to unauthorized data manipulation, access to privileged functions, or even the execution of arbitrary code.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    kiloview p1_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    kiloview p2_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p1_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p2_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41918",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T10:53:42.844735Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T10:54:20.618Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.350Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA vulnerability allows unauthorized access to functionality inadequately\nconstrained by ACLs. Attackers may exploit this to unauthenticated execute\ncommands potentially leading to unauthorized data manipulation, access to\nprivileged functions, or even the execution of arbitrary code.\u003c/p\u003e\n\n\n\n\n\n"
                }
              ],
              "value": "A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to unauthenticated execute commands potentially leading to unauthorized data manipulation, access to privileged functions, or even the execution of arbitrary code."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T08:20:11.611Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authentication for Critical Function in Kiloview P1/P2 devices"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41918",
        "datePublished": "2024-07-02T07:42:08.260Z",
        "dateReserved": "2023-09-05T10:14:50.216Z",
        "dateUpdated": "2024-08-02T19:09:49.350Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-41917 (GCVE-0-2023-41917)

    Vulnerability from cvelistv5 – Published: 2024-07-02 07:41 – Updated: 2024-08-02 19:09
    VLAI
    Title
    Improper input validation in Kiloview P1/P2 devices allows for remote code execution
    Summary
    Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Kiloview P1/P2 Affected: All , ≤ 4.8.2605 (custom)
    Create a notification for this product.
    kiloview p1_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    kiloview p2_4g_video_encoder_firmware Affected: 0 , ≤ * (custom)
        cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p1_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p1_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:kiloview:p2_4g_video_encoder_firmware:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "p2_4g_video_encoder_firmware",
                "vendor": "kiloview",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-41917",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T10:54:08.026724Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T10:54:13.365Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:09:49.069Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "P1/P2",
              "vendor": "Kiloview",
              "versions": [
                {
                  "lessThanOrEqual": "4.8.2605",
                  "status": "affected",
                  "version": "All",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInadequate input validation\nexposes the system to potential remote code execution (RCE) risks. Attackers\ncan exploit this vulnerability by appending shell commands to the\nSpeed-Measurement feature, enabling unauthorized code execution.\u003c/p\u003e\n\n\n\n\n\n"
                }
              ],
              "value": "Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 10,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T08:20:00.588Z",
            "orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
            "shortName": "NCSC-NL"
          },
          "references": [
            {
              "url": "https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper input validation in Kiloview P1/P2 devices allows for remote code execution"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
        "assignerShortName": "NCSC-NL",
        "cveId": "CVE-2023-41917",
        "datePublished": "2024-07-02T07:41:28.397Z",
        "dateReserved": "2023-09-05T10:14:50.215Z",
        "dateUpdated": "2024-08-02T19:09:49.069Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }