cbcvebase.
CVE-2026-1453
published 2026-01-29


Priority: P272, critical, 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.50% (38.7th percentile)

A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.

Affected

32 ranges · showing 25

Vendor    Product                                           Version range  Fixed in
kiloview  encoder_series_e1-s_hardware_version_1.4
kiloview  encoder_series_e1-s_hardware_version_1.4
kiloview  encoder_series_e1-s_hardware_version_1.4
kiloview  encoder_series_e1-s_hardware_version_1.4
kiloview  encoder_series_e1-s_hardware_version_1.4
kiloview  encoder_series_e1-s_hardware_version_1.4
kiloview  encoder_series_e1-s_hardware_version_1.4
kiloview  encoder_series_e1_hardware_version_1.4
kiloview  encoder_series_e1_hardware_version_1.6.20
kiloview  encoder_series_e1_hardware_version_1.6.20
kiloview  encoder_series_e1_hardware_version_1.6.20
kiloview  encoder_series_e1_hardware_version_1.6.20
kiloview  encoder_series_e1_hardware_version_1.6.20
kiloview  encoder_series_e1_hardware_version_1.6.20
kiloview  encoder_series_e1_hardware_version_1.6.20
kiloview  encoder_series_e1_hardware_version_1.6.20
kiloview  encoder_series_e1_hardware_version_1.6.20
kiloview  encoder_series_e1_hardware_version_1.6.20
kiloview  encoder_series_e2_hardware_version_1.7.20
kiloview  encoder_series_e2_hardware_version_1.7.20
kiloview  encoder_series_e2_hardware_version_1.8.20
kiloview  encoder_series_e2_hardware_version_1.8.20
kiloview  encoder_series_e2_hardware_version_1.8.20
kiloview  encoder_series_g1_hardware_version_1.6.20
kiloview  encoder_series_p1_hardware_version_1.3.20

Detection & IOCs (extracted from sources)

  • Vulnerability class is CWE-306 (Missing Authentication for Critical Function) — monitor for unauthenticated HTTP requests to admin account creation/deletion endpoints on KiloView Encoder Series devices
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N — exploitation requires no authentication, no user interaction, and is network-reachable; alert on any new admin account creation events originating from unauthenticated sessions on affected devices
  • Affected hardware models and firmware versions to target for network scanning/asset inventory: E1 hw 1.4 fw 4.7.2516; E1 hw 1.6.20 fw 4.7.2511|4.8.2523|4.8.2611|4.6.2400|4.7.2512|4.8.2561|4.8.2554|4.3.2029|4.8.2555|4.6.2408; E1-s hw 1.4 fw 4.7.2516|4.8.2519|4.8.2525|4.8.2611|4.8.2561|4.8.2554|4.8.2523; E2 hw 1.7.20 fw 4.8.2611|4.8.2561; E2 hw 1.8.20 fw 4.8.2523|4.8.2611|4.8.2554; G1 hw 1.6.20 fw 4.8.2561; P1 hw 1.3.20 fw 4.8.2633|4.8.2608; P2 hw 1.8.20 fw 4.8.2633; RE1 hw 2.0.00 fw 4.7.2513; RE1 hw 3.0.00 fw 4.8.2519|4.8.2561|4.8.2611|4.8.2525
  • All affected hardware versions are end-of-life; vendor will not release patches. Detection and mitigation must rely on network controls rather than patching.
  • No known public exploitation has been reported at time of advisory publication; no public proof-of-concept or exploit code was referenced in sources.

CVSS provenance

nvd  v3.1  9.8  CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd  v4.0  9.3  CRITICAL  CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X