PT-2024-18972 · Kiloview · Kiloview Ndi
Published
2024-03-21
·
Updated
2024-03-22
·
CVE-2024-2161
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Kiloview NDI versions prior to 2.02.0227
Description
The issue is related to the use of hard-coded credentials in Kiloview NDI, allowing un-authenticated users to bypass authentication. This affects models N3, N3-s, N4, N20, N30, N40.
Recommendations
For versions prior to 2.02.0227, update the firmware to version 2.02.0227 to resolve the issue. As a temporary workaround, consider restricting access to the affected devices until the update can be applied.
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kiloview Ndi