Authenticated Remote Code Execution In Kiloview NDI N Series Products

3/21/2024

CVSS Score: 8.8

Description: An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .

Vendors: Kiloview

Affected product: NDI

Solution: Upgrade to Firmware version 2.02.0227 .

Credits: Milan Duric, Switzerland National Cyber Security Centre (NCSC)