CVE infos
Improper Access Control Vulnerability In Prodys Quantum Audio Codec
5/23/2025
CVSS Score: 9.8
Description: Improper access control vulnerability in Prodys’ Quantum Audio codec affecting versions 2.3.4t and below. This vulnerability could allow an unauthenticated user to bypass authentication entirely and execute arbitrary API requests against the web application.
Vendors: Prodys
Affected product: Quantum Audio codec v2.3.4t
Solution: The vendor attempted to fix the vulnerability in version 2.3.4t, limiting exploitation to a low-privileged attacker only. Finally, the vulnerability was fully fixed by the manufacturer in version 2.3.4w.
Credits: Milan Duric, Jakob Pfister, INCIBE
Authenticated Remote Code Execution In Kiloview NDI N Series Products
3/21/2024
CVSS Score: 8.8
Description: An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .
Vendors: Kiloview
Affected product: NDI
Solution: Upgrade to Firmware version 2.02.0227 .
Credits: Milan Duric, Switzerland National Cyber Security Centre (NCSC)
Use Of Hard-Coded Credentials In Kiloview NDI N Series Products API Middleware
3/21/2024
CVSS Score: 9.8
Description: Use of Hard-coded Credentials in Kiloview NDI allows un-authenticated users to bypass authentication. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227 .
Vendors: Kiloview
Affected product: NDI
Solution: Upgrade to Firmware version 2.02.0227 .
Credits: Milan Duric, Switzerland National Cyber Security Centre (NCSC)