CVE-2024-2162

An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.kiloview.com/en/support/download/1779/
https://www.kiloview.com/en/support/download/n20-firmware-download/
https://www.kiloview.com/en/support/download/n3-for-ndi/
https://www.kiloview.com/en/support/download/n3-s-firmware-download/
https://www.kiloview.com/en/support/download/n30-for-ndi/
https://www.kiloview.com/en/support/download/n40/

Configurations

No configuration.

History

21 Mar 2024, 12:58

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de inyección de comandos del sistema operativo en Kiloview NDI permite a un usuario con pocos privilegios ejecutar código arbitrario de forma remota en el dispositivo con altos privilegios. Este problema afecta a Kiloview NDI N3, N3-s, N4, N20, N30, N40 y se solucionó en la versión de firmware 2.02.0227.

21 Mar 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-21 06:15

Updated : 2024-03-21 12:58

NVD link : CVE-2024-2162

Mitre link : CVE-2024-2162

CVE.ORG link : CVE-2024-2162

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

8.8 /10