Louis Dumas

**Name of the Vulnerable Software and Affected Versions** Kiloview N30 version 2.02.246 **Description** The firmware contains a hardcoded TLS private key and certificate. This allows a malicious actor to perform a man-in-the-middle attack over the network. **Recommendations** It is recommended to upgrade the device firmware to the fixed version 3.01, released on October 11, 2025. This version includes security enhancements that address this vulnerability, among other potential issues. Important Note: Due to changes in the firmware upgrade mechanism, upgrading from version 2.x requires first installing an intermediate upgrade package (N30-9999-upgrade-firmware). After installing this intermediate package, a manual refresh of the web interface is required before proceeding with the upgrade to version 3.01.

**Name of the Vulnerable Software and Affected Versions** Kiloview NDI N30 versions prior to 2.02.0246 **Description** A broken authorization allows a remote, unauthenticated attacker to disable user verification, granting access to administrative actions. This impacts Kiloview NDI N30. **Recommendations** Update to Firmware version 2.02.0246 or later.