cpe:2.3:a:kiloview:p1/p2:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Kiloview (f3578cfb-3483-5287-a7c8-34cd79a6f050) |
|---|---|
| Product | P1/P2 (4f09b855-f536-5273-936b-39c0c49e0f10) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2023-41928 | vulnerable | 2026-06-03 14:52:52.748460 | Remote server offers deprecated TLS protocol in Kiloview P1/P2 devices. MEDIUM (5.3). The device is observed to accept deprecated TLS protocols, increasing the risk of cryptographic weaknesses. Published: 2024-07-02T07:43:31.998Z. Updated: 2024-08-02T19:09:49.433Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-41927 | vulnerable | 2026-06-03 14:52:52.748174 | Weak TLS Cipher Suites Supported in Kiloview P1/P2 devices. MEDIUM (5.3). The server supports at least one cipher suite which is on the NCSC-NL list of cipher suites to be phased out, increasing the risk of cryptographic weaknesses. Published: 2024-07-02T07:43:25.640Z. Updated: 2024-08-02T19:09:49.292Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-41926 | vulnerable | 2026-06-03 14:52:52.747870 | Insufficiently protected credentials in Kiloview P1/P2 devices. HIGH (8.8). The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials. Published: 2024-07-02T07:43:16.362Z. Updated: 2024-08-02T19:09:49.320Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-41923 | vulnerable | 2026-06-03 14:52:52.747382 | Weak Password Requirements in Kiloview P1/P2 devices. HIGH (7.2). The user management section of the web application permits the creation of user accounts with excessively weak passwords, including single-character passwords. Published: 2024-07-02T07:42:49.840Z. Updated: 2024-08-02T19:09:49.428Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-41922 | vulnerable | 2026-06-03 14:52:52.744212 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Kiloview P1/P2 devices. HIGH (7.2). A 'Cross-site Scripting' (XSS) vulnerability, characterized by improper input neutralization during web page generation, has been discovered. This vulnerability allows for Stored XSS attacks to occur. Multiple areas within the administration interface of the webserver lack adequate input validation, resulting in multiple instances of Stored XSS vulnerabilities. Published: 2024-07-02T07:42:42.031Z. Updated: 2024-08-02T19:09:49.427Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-41921 | vulnerable | 2026-06-03 14:52:52.743750 | Download of Code Without Integrity Check in Kiloview P1/P2 devices. CRITICAL (9.8). A vulnerability allows attackers to download source code or an executable from a remote location and execute the code without sufficiently verifying the origin and integrity of the code. This vulnerability can allow attackers to modify the firmware before uploading it to the system, thus achieving the modification of the target’s integrity to achieve an insecure state. Published: 2024-07-02T07:42:33.722Z. Updated: 2024-08-02T19:09:49.427Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-41920 | vulnerable | 2026-06-03 14:52:52.743355 | Authentication Bypass by Primary Weakness in Kiloview P1/P2 devices. CRITICAL (9.8). The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in. Published: 2024-07-02T07:42:24.484Z. Updated: 2024-08-02T19:09:49.386Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-41919 | vulnerable | 2026-06-03 14:52:52.738175 | Use of Hard-coded Credentials in Kiloview P1/P2 devices. CRITICAL (9.8). Hardcoded credentials are discovered within the application's source code, creating a potential security risk for unauthorized access. Published: 2024-07-02T07:42:16.318Z. Updated: 2024-08-02T19:09:49.323Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-41918 | vulnerable | 2026-06-03 14:52:52.737709 | Missing Authentication for Critical Function in Kiloview P1/P2 devices. CRITICAL (10). A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to execute commands without authentication, potentially leading to unauthorized data manipulation, access to privileged functions, or even the execution of arbitrary code. Published: 2024-07-02T07:42:08.260Z. Updated: 2024-08-02T19:09:49.350Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-41917 | vulnerable | 2026-06-03 14:52:52.737227 | Improper input validation in Kiloview P1/P2 devices allows for remote code execution. CRITICAL (10). Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution. Published: 2024-07-02T07:41:28.397Z. Updated: 2024-08-02T19:09:49.069Z. | Imported from gcve-enriched-dumps CVE data |