CVE-2023-41921
Download of Code Without Integrity Check in Kiloview P1/P2 devices
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. This vulnerability can allow attackers to modify the firmware before uploading it to the system, thus achieving the modification of the target’s integrity to achieve an insecure state.
Una vulnerabilidad permite a los atacantes descargar código fuente o un ejecutable desde una ubicación remota y ejecutar el código sin verificar suficientemente el origen y la integridad del código. Esta vulnerabilidad puede permitir a atacantes modificar el firmware antes de subirlo al sistema, logrando así modificar la integridad del objetivo para alcanzar un estado inseguro.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2023-09-05 CVE Reserved
- 2024-07-02 CVE Published
- 2024-07-02 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-494: Download of Code Without Integrity Check
CAPEC
- CAPEC-184: Software Integrity Attack
References (1)
| URL | Tag | Source |
|---|---|---|
| https://advisories.ncsc.nl/advisory?id=NCSC-2024-0273 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Kiloview Search vendor "Kiloview" | P1 4g Video Encoder Firmware Search vendor "Kiloview" for product "P1 4g Video Encoder Firmware" | * | - |
Affected
| ||||||
| Kiloview Search vendor "Kiloview" | P2 4g Video Encoder Firmware Search vendor "Kiloview" for product "P2 4g Video Encoder Firmware" | * | - |
Affected
| ||||||