CVE-2023-41920

CRITICAL

Kiloview P1/P2 - Authentication Bypass via Hardcoded IP

Description

The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in.

Scores

CVSS v3 9.8
EPSS 0.0014
EPSS Percentile 33.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-305
Status published
Products (1)
Kiloview/P1/P2 All - 4.8.2605
Published Jul 02, 2024
Tracked Since Feb 18, 2026