Hard-coded Credentials in Kiloview NDI Allow Unauthenticated Access
CVE-2024-2161

9.8CRITICAL

Key Information:

Vendor

Kiloview

Status
Ndi
Vendor
CVE Published:
21 March 2024

What is CVE-2024-2161?

A significant vulnerability exists in Kiloview's NDI product line due to the use of hard-coded credentials, which allows unauthorized users to bypass the authentication process. This issue affects several models, including the N3, N3-s, N4, N20, N30, and N40. Users of these products are advised to upgrade to firmware version 2.02.0227 or later to mitigate this vulnerability. The persistence of hard-coded credentials poses a serious security risk, enabling potential unauthorized access that can compromise system integrity.

Affected Version(s)

NDI N3 Firmware 2.02.0227

NDI N3 Firmware 2.02.0227

NDI N3-s Firmware 2.02.0227

References

https://www.kiloview.com/en/support/download/n3-for-ndi/
release-notes
https://www.kiloview.com/en/support/download/n3-s-firmwar...
release-notes
https://www.kiloview.com/en/support/download/1779/
release-notes

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Milan Duric, EBU
.