Description
A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.
Published: 2026-01-29
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Full administrative control over the device
Action: Contact Vendor
AI Analysis

Impact

A missing authentication flaw in KiloView Encoder Series allows anyone who can reach the device to create or delete administrator accounts, which grants complete administrative control. The weakness is a lack of authentication for a critical function (CWE‑306). An attacker could configure the device, exfiltrate or alter data, or disable services, compromising confidentiality, integrity, and availability at the device level.

Affected Systems

Affected hardware includes the KiloView Encoder Series models E1 (hardware versions 1.4 and 1.6.20), E1‑s (1.4), E2 (1.7.20 and 1.8.20), G1 (1.6.20), P1 (1.3.20), P2 (1.8.20), and RE1 (2.0.00 and 3.0.00).

Risk and Exploitability

The CVSS score of 9.3 indicates a high‑severity vulnerability, while the EPSS score shows a very low current exploitation probability (<1%). The vulnerability is not listed in CISA’s KEV catalog. Exploitation likely requires network access to the device’s management interface; an attacker could trigger the flaw by issuing directed requests that create or delete administrative accounts without needing prior authentication.

Generated by OpenCVE AI on April 18, 2026 at 14:31 UTC.

Remediation

Vendor Workaround

KiloView has not responded to requests to work with CISA to mitigate this vulnerability. Users of affected versions of KiloView Encoder Series are invited to contact KiloView customer support for additional information.

OpenCVE Recommended Actions

  • Contact KiloView customer support for guidance on firmware updates or patches
  • Restrict external access to the device’s management interface through network segmentation or firewall rules
  • Implement temporary management interface controls, such as disabling remote admin or requiring strong authentication before any administrative operations

Generated by OpenCVE AI on April 18, 2026 at 14:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 30 Jan 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Kiloview
Kiloview encoder Series
Vendors & Products Kiloview
Kiloview encoder Series

Thu, 29 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 29 Jan 2026 19:15:00 +0000

Type Values Removed Values Added
Description A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.
Title Missing Authentication for Critical Function in KiloView Encoder Series
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Kiloview Encoder Series
cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2026-01-29T20:28:55.866Z

Reserved: 2026-01-26T19:48:46.732Z

Link: CVE-2026-1453

cve-icon Vulnrichment

Updated: 2026-01-29T20:28:48.081Z

cve-icon NVD

Status : Deferred

Published: 2026-01-29T19:16:18.987

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-1453

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T14:45:03Z

Weaknesses