CVE infos

API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products

13/10/2025

CVSS Score: 10

Description: A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state-changing actions that should only be initiated by administrators. This issue affects Kiloview NDI N30 and was fixed in Firmware versions later than 2.02.0246.

Vendors: Kiloview

Affected product: NDI

Solution: Upgrade to new Firmware version: 3.01.

Credits: Louis Dumas, Joakim Brandt – NRK (Norsk rikskringkasting AS), Switzerland National Cyber Security Centre (NCSC)

Hardcoded TLS private key in Kiloview N30 firmware

13/10/2025

CVSS Score: 8.7

Description: A hardcoded TLS private key and certificate in the firmware of Kiloview N30 2.02.246 allows a malicious adversary to perform a man-in-the-middle attack via the network.

Vendors: Kiloview

Affected product: NDI

Solution: Upgrade to new Firmware version: 3.01.

Credits: Louis Dumas, Switzerland National Cyber Security Centre (NCSC)

Improper Access Control Vulnerability In Prodys Quantum Audio Codec

5/23/2025

CVSS Score: 9.8

Description: Improper access control vulnerability in Prodys’ Quantum Audio codec affecting versions 2.3.4t and below. This vulnerability could allow an unauthenticated user to bypass authentication entirely and execute arbitrary API requests against the web application.

Vendors: Prodys

Affected product: Quantum Audio codec v2.3.4t

Solution: The vendor attempted to fix the vulnerability in version 2.3.4t, limiting exploitation to a low-privileged attacker only. Finally, the vulnerability was fully fixed by the manufacturer in version 2.3.4w.

Credits: Milan Duric, Jakob Pfister, INCIBE

Authenticated Remote Code Execution In Kiloview NDI N Series Products

3/21/2024

CVSS Score: 8.8

Description: An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227.

Vendors: Kiloview

Affected product: NDI

Solution: Upgrade to Firmware version 2.02.0227.

Credits: Milan Duric, Switzerland National Cyber Security Centre (NCSC)

Use Of Hard-Coded Credentials In Kiloview NDI N Series Products API Middleware

3/21/2024

CVSS Score: 9.8

Description: Use of Hard-coded Credentials in Kiloview NDI allows unauthenticated users to bypass authentication. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227.

Vendors: Kiloview

Affected product: NDI

Solution: Upgrade to Firmware version 2.02.0227.

Credits: Milan Duric, Switzerland National Cyber Security Centre (NCSC)
