CVE-2023-41926 Insufficiently protected credentials in Kiloview P1/P2 devices

The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials...

CVE-2023-41926 Insufficiently protected credentials in Kiloview P1/P2 devices

The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials...

CVE-2023-41923 Weak Password Requirements in Kiloview P1/P2 devices

The user management section of the web application permits the creation of user accounts with excessively weak passwords, including single-character passwords...

CVE-2023-41922 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Kiloview P1/P2 devices

A 'Cross-site Scripting' XSS vulnerability, characterized by improper input neutralization during web page generation, has been discovered. This vulnerability allows for Stored XSS attacks to occur. Multiple areas within the administration interface of the webserver lack adequate input validation...

CVE-2023-41922 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Kiloview P1/P2 devices

A 'Cross-site Scripting' XSS vulnerability, characterized by improper input neutralization during web page generation, has been discovered. This vulnerability allows for Stored XSS attacks to occur. Multiple areas within the administration interface of the webserver lack adequate input validation...

CVE-2023-41921 Download of Code Without Integrity Check in Kiloview P1/P2 devices

A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. This vulnerability can allow attackers to modify the firmware before uploading it to the system, thus achievin...

CVE-2023-41921 Download of Code Without Integrity Check in Kiloview P1/P2 devices

A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. This vulnerability can allow attackers to modify the firmware before uploading it to the system, thus achievin...

CVE-2023-41920 Authentication Bypass by Primary Weakness in Kiloview P1/P2 devices

The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in...

CVE-2023-41920 Authentication Bypass by Primary Weakness in Kiloview P1/P2 devices

The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in...

CVE-2023-41919 Use of Hard-coded Credentials in Kiloview P1/P2 devices

Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access...

CVE-2023-41919 Use of Hard-coded Credentials in Kiloview P1/P2 devices

Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access...

CVE-2023-41918 Missing Authentication for Critical Function in Kiloview P1/P2 devices

A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to unauthenticated execute commands potentially leading to unauthorized data manipulation, access to privileged functions, or even the execution of arbitrary code...

CVE-2023-41918 Missing Authentication for Critical Function in Kiloview P1/P2 devices

A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to unauthenticated execute commands potentially leading to unauthorized data manipulation, access to privileged functions, or even the execution of arbitrary code...

CVE-2023-41917 Improper input validation in Kiloview P1/P2 devices allows for remote code execution

Inadequate input validation exposes the system to potential remote code execution RCE risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution...

CVE-2023-41917 Improper input validation in Kiloview P1/P2 devices allows for remote code execution

Inadequate input validation exposes the system to potential remote code execution RCE risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution...

Vulnerabilities discovered in Kiloview P1 4G Video Encoder and P2 4G Video Encoder

Vulnerabilities have been discovered in Kiloview P1 and P2. Kiloview P1 and P2 are hardware solutions for streaming image information in HDMI format. The firmware of these systems contains a number of serious vulnerabilities that allow a malicious person to perform attacks that can lead to the...

Kiloview P1 and P2 Security Vulnerabilities

Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder are both a professional video encoder device from Kiloview China. A security vulnerability exists in the Kiloview P1 and P2. The vulnerability can be exploited by an attacker to access the root account without authentication...

Kiloview P1 and P2 Security Vulnerabilities

Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder are both professional video encoder devices from China-based Kiloview. A security vulnerability exists in the Kiloview P1 and P2, which stems from insufficient input validation. The vulnerability can be exploited to execute arbitrary...

Kiloview P1 and P2 Security Vulnerabilities

Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder are both professional video encoder devices from China-based Kiloview. A security vulnerability exists in the Kiloview P1 and P2 that stems from the use of hard-coded credentials...

Kiloview P1 and P2 Security Vulnerabilities

Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder are both a professional video encoder device from Kiloview China. A security vulnerability exists in the Kiloview P1 and P2. An attacker could exploit this vulnerability to download source code or executable files from a remote locatio...