CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 6CVE-2024-2162 – Authenticated Remote Code Execution in Kiloview NDI N series products
https://notcve.org/view.php?id=CVE-2024-2162
21 Mar 2024 — An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 . Una vulnerabilidad de inyección de comandos del sistema operativo en Kiloview NDI permite a un usuario con pocos privilegios ejecutar código arbitrario de forma remota en el dispositivo con altos privilegios. Este problema afecta a Kiloview NDI N3, N3-... • https://github.com/NitroCao/CVE-2024-21626 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-2161 – Use of Hard-coded Credentials in Kiloview NDI N series products API middleware
https://notcve.org/view.php?id=CVE-2024-2161
21 Mar 2024 — Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authenticationThis issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 . El uso de credenciales codificadas en Kiloview NDI permite a los usuarios no autenticados omitir la autenticación. Este problema afecta a Kiloview NDI N3, N3-s, N4, N20, N30, N40 y se solucionó en la versión de firmware 2.02.0227. Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users... • https://www.kiloview.com/en/support/download/1779 • CWE-798: Use of Hard-coded Credentials •