MidnightBSD

Advisories for kiloview

CVE-2023-41919

Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cert@ncsc.nl 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
kiloview p2_firmware *
kiloview p1_firmware *
CVE-2023-41922

A 'Cross-site Scripting' (XSS) vulnerability, characterized by improper input neutralization during web page generation, has been discovered. This vulnerability allows for Stored XSS attacks to occur. Multiple areas within the administration interface of the webserver lack adequate input validation, resulting in multiple instances of Stored XSS vulnerabilities.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cert@ncsc.nl 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N 3.9 2.7

Products Affected

Vendor Product Version
kiloview p1_firmware -
kiloview p2_firmware -
CVE-2025-63560

An issue in KiloView Dual Channel 4k HDMI & 3G-SDI HEVC Video Encoder Firmware v.1.20.0006 allows a remote attacker to cause a denial of service via the systemctrl API System/reFactory component.

Products Affected

Vendor Product Version
kiloview e3_firmware 1.20.0006