Description
A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be initiated by administratorsThis issue affects Kiloview NDI N30 and was fixed in Firmware version later than 2.02.0246
Scores
CVSS v4
10.0
EPSS
0.0006
EPSS Percentile
19.5%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-287
CWE-290
CWE-346
Status
published
Products (1)
Kiloview/NDI
2.02.246
Published
Oct 13, 2025
Tracked Since
Feb 18, 2026