
Description

A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.

PUBLISHED Reserved 2026-01-26 | Published 2026-01-29 | Updated 2026-01-29 | Assigner icscert




CRITICAL: 9.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CRITICAL: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status: unaffected
4.7.2516: affected

Default status: unaffected
4.7.2511: affected
4.8.2523: affected
4.8.2611: affected
4.6.2400: affected
4.7.2512: affected
4.8.2561: affected
4.8.2554: affected
4.3.2029: affected
4.8.2555: affected
4.6.2408: affected

Default status: unaffected
4.7.2516: affected
4.8.2519: affected
4.8.2525: affected
4.8.2611: affected
4.8.2561: affected
4.8.2554: affected
4.8.2523: affected

Default status: unaffected
4.8.2611: affected
4.8.2561: affected

Default status: unaffected
4.8.2523: affected
4.8.2611: affected
4.8.2554: affected

Default status: unaffected
4.8.2561: affected

Default status: unaffected
4.8.2633: affected
4.8.2608: affected

Default status: unaffected
4.8.2633: affected

Default status: unaffected
4.7.2513: affected

Default status: unaffected
4.8.2519: affected
4.8.2561: affected
4.8.2611: affected
4.8.2525: affected

Credits

Muhammad Ammar (0xam225) reported this vulnerability to CISA. (finder)

References

www.cisa.gov/news-events/ics-advisories/icsa-26-029-01

github.com/...p/csaf_files/OT/white/2026/icsa-26-029-01.json

cve.org (CVE-2026-1453)

nvd.nist.gov (CVE-2026-1453)
