gbhackers.com
Critical Flaws in KiloView Devices Enable Complete Admin Takeover
By Divya
February 3, 2026
The Cybersecurity and Infrastructure Security Agency (CISA) has disclosed a critical vulnerability affecting multiple versions of KiloView Encoder Series devices, warning that unauthenticated attackers could gain full administrative access.
Issued under alert code ICSA-26-029-01 on January 29, 2026, the flaw carries a severe CVSS v3 score of 9.8, indicating extreme risk to affected infrastructure.
The vulnerability, tracked as CVE-2026-1453, stems from the lack of authentication mechanisms for critical administrative functions.
| Vulnerability | CVSS Score | Vendor | Equipment | Type |
|---|---|---|---|---|
| CVE-2026-1453 | 9.8 | KiloView | KiloView Encoder Series | Missing Authentication for Critical Function |
Successful exploitation allows attackers to create or delete administrator accounts without authorization, effectively granting complete control over the affected devices.
This authentication bypass represents a fundamental security failure that remote, unauthenticated actors can trigger.
KiloView Encoder devices are widely deployed across critical infrastructure sectors, including communications and information technology.
The company, headquartered in China, manufactures encoding equipment used globally, making this vulnerability a concern for organizations worldwide.
The vulnerability affects multiple hardware versions and firmware builds across eight encoder series variants, including the E1, E2, G1, P1, P2, and RE1 lines.
Researcher Muhammad Ammar (0xam225) discovered and reported the vulnerability to CISA, demonstrating responsible disclosure practices.
The agency has found no evidence of active exploitation at this time. However, the critical nature of the flaw suggests urgent remediation is necessary.
CISA recommends immediate defensive measures, including network isolation of affected devices and restriction of Internet accessibility.
Organizations should deploy control system networks behind firewalls and isolate them from business networks.
When remote access is unavoidable, organizations should implement Virtual Private Networks (VPNs) with current security patches. However, administrators must recognize that VPNs carry their own vulnerabilities.
Organizations should minimize network exposure for all control system devices and evaluate risk before implementing defensive measures.
CISA encourages implementation of defense-in-depth strategies and comprehensive cybersecurity planning for industrial control systems.
No public exploitation of this vulnerability has been reported, providing a critical window for organizations to patch systems before potential attackers weaponize the flaw.
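Because the flaw lets administrator accounts be created or deleted without authentication, one way to spot tampering is to compare each encoder's current administrator list against an approved baseline. The following is an added example, not code from the article, CISA or KiloView; how the account lists are exported, and all device names, usernames and the `role` field, are assumptions constructed for illustration.

```python
# Added example: flag administrator-account drift on encoders.
# Assumption: account lists were exported out of band into the dicts below.
from dataclasses import dataclass, field


@dataclass
class Drift:
    device: str
    added: list = field(default_factory=list)    # admins not in the baseline
    removed: list = field(default_factory=list)  # baseline admins now gone
    missing_snapshot: bool = False               # device could not be checked

    @property
    def suspicious(self):
        return bool(self.added or self.removed or self.missing_snapshot)


def admins(accounts):
    """Return the normalized set of usernames holding the admin role."""
    return {a["user"].strip().lower() for a in accounts if a.get("role") == "admin"}


def audit(baseline, snapshot):
    """Compare approved admins per device with what each device reports now."""
    findings = []
    for device in sorted(set(baseline) | set(snapshot)):
        if device not in snapshot:
            # No data is itself a finding: the device was never verified.
            findings.append(Drift(device, missing_snapshot=True))
            continue
        approved = admins(baseline.get(device, []))  # unknown device: none approved
        current = admins(snapshot[device])
        findings.append(Drift(device, added=sorted(current - approved),
                              removed=sorted(approved - current)))
    return [f for f in findings if f.suspicious]


# Constructed sample data (not taken from any real device).
BASELINE = {
    "enc-studio-1": [{"user": "admin", "role": "admin"}],
    "enc-studio-2": [{"user": "admin", "role": "admin"}, {"user": "ops", "role": "admin"}],
    "enc-remote-1": [{"user": "admin", "role": "admin"}],
}
SNAPSHOT = {
    "enc-studio-1": [{"user": "admin", "role": "admin"}, {"user": "Support2", "role": "admin"}],
    "enc-studio-2": [{"user": "admin", "role": "admin"}, {"user": "ops", "role": "viewer"}],
}

if __name__ == "__main__":
    print(*audit(BASELINE, SNAPSHOT), sep="\n")
```

A device that appears in the baseline but not in the snapshot is reported rather than skipped, since an unchecked encoder cannot be assumed clean.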
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.