API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products

13/10/2025

CVSS Score: 10

Description: A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects Kiloview NDI N30 and was fixed in Firmware version later than 2.02.0246

Vendors: Kiloview

Affected product: NDI

Solution: Upgrade to new Firmware version:3.01.

Credits: Louis Dumas, Joakim Brandt – NRK (Norsk rikskringkasting AS), Switzerland National Cyber Security Centre (NCSC)