CVE-2026-1453
published 2026-01-29
Priority P272 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.50% (38.7th percentile)
A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product.
Affected
32 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kiloview | encoder_series_e1-s_hardware_version_1.4 | — | — |
| kiloview | encoder_series_e1-s_hardware_version_1.4 | — | — |
| kiloview | encoder_series_e1-s_hardware_version_1.4 | — | — |
| kiloview | encoder_series_e1-s_hardware_version_1.4 | — | — |
| kiloview | encoder_series_e1-s_hardware_version_1.4 | — | — |
| kiloview | encoder_series_e1-s_hardware_version_1.4 | — | — |
| kiloview | encoder_series_e1-s_hardware_version_1.4 | — | — |
| kiloview | encoder_series_e1_hardware_version_1.4 | — | — |
| kiloview | encoder_series_e1_hardware_version_1.6.20 | — | — |
| kiloview | encoder_series_e1_hardware_version_1.6.20 | — | — |
| kiloview | encoder_series_e1_hardware_version_1.6.20 | — | — |
| kiloview | encoder_series_e1_hardware_version_1.6.20 | — | — |
| kiloview | encoder_series_e1_hardware_version_1.6.20 | — | — |
| kiloview | encoder_series_e1_hardware_version_1.6.20 | — | — |
| kiloview | encoder_series_e1_hardware_version_1.6.20 | — | — |
| kiloview | encoder_series_e1_hardware_version_1.6.20 | — | — |
| kiloview | encoder_series_e1_hardware_version_1.6.20 | — | — |
| kiloview | encoder_series_e1_hardware_version_1.6.20 | — | — |
| kiloview | encoder_series_e2_hardware_version_1.7.20 | — | — |
| kiloview | encoder_series_e2_hardware_version_1.7.20 | — | — |
| kiloview | encoder_series_e2_hardware_version_1.8.20 | — | — |
| kiloview | encoder_series_e2_hardware_version_1.8.20 | — | — |
| kiloview | encoder_series_e2_hardware_version_1.8.20 | — | — |
| kiloview | encoder_series_g1_hardware_version_1.6.20 | — | — |
| kiloview | encoder_series_p1_hardware_version_1.3.20 | — | — |
Detection & IOCs
- Vulnerability class is CWE-306 (Missing Authentication for Critical Function): monitor for unauthenticated HTTP requests to admin account creation/deletion endpoints on KiloView Encoder Series devices.
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N: exploitation requires no authentication and no user interaction, and the device only needs to be network-reachable. Alert on any new admin account creation events originating from unauthenticated sessions on affected devices.
- Affected hardware models and firmware versions to look for in network scanning and asset inventory:
  - E1 hw 1.4: fw 4.7.2516
  - E1 hw 1.6.20: fw 4.7.2511|4.8.2523|4.8.2611|4.6.2400|4.7.2512|4.8.2561|4.8.2554|4.3.2029|4.8.2555|4.6.2408
  - E1-s hw 1.4: fw 4.7.2516|4.8.2519|4.8.2525|4.8.2611|4.8.2561|4.8.2554|4.8.2523
  - E2 hw 1.7.20: fw 4.8.2611|4.8.2561
  - E2 hw 1.8.20: fw 4.8.2523|4.8.2611|4.8.2554
  - G1 hw 1.6.20: fw 4.8.2561
  - P1 hw 1.3.20: fw 4.8.2633|4.8.2608
  - P2 hw 1.8.20: fw 4.8.2633
  - RE1 hw 2.0.00: fw 4.7.2513
  - RE1 hw 3.0.00: fw 4.8.2519|4.8.2561|4.8.2611|4.8.2525
- All affected hardware versions are end-of-life; vendor will not release patches. Detection and mitigation must rely on network controls rather than patching.
- No known public exploitation has been reported at time of advisory publication; no public proof-of-concept or exploit code was referenced in sources.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
CISA ICS
KiloView Encoder Series (Update A)
cisa_ics · 2026-02-05 · CVSS 9.8
ICS Advisory
Last Revised: February 05, 2026
Alert Code: ICSA-26-029-01
## Summary
Successful exploitation of this vulnerability could allow an unauthenticated attacker to create or delete administrator accounts, granting full administrative control.
The following versions of KiloView Encoder Series are affected:
- Encoder Series E1 hardware Version 1.4 4.7.2516 (CVE-2026-1453)
- Encoder Series E1 hardware Version 1.6.20 4.7.2511|4.8.2523|4.8.2611|4.6.2400|4.7.2512|4.8.2561|4.8.2554|4.3.2029|4.8.2555|4.6.2408 (CVE-2026-1453)
- Encoder Series E1-s hardware Version 1.4 4.7.2516|4.8.2519|4.8.2525|4.8.2611|4.8.2561|4.8.2554|4.8.252
GHSA
GHSA-x5qw-m467-vgq3
ghsa_unreviewed · 2026-01-29
CVE-2026-1453 [CRITICAL] CWE-306
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.