There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XNi Instrumentstudio
APPNi2026≤ 2025Ni Grpc Device Server
APPNi< 2.18.0
Related vulnerabilities
There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may ...
There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check...
There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow...
There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker...
There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memor...