Lucene search

[email protected]CVE-2020-24217

HistoryOct 06, 2020 - 2:15 p.m.

CVE-2020-24217

2020-10-0614:15:12

CWE-306

[email protected]

web.nvd.nist.gov

cve-2020-24217

hisilicon

iptv

h.264

h.265

video encoders

file upload

authentication

command injection

firmware component

arbitrary code execution

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.033 Low

EPSS

Percentile

91.4%

JSON

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware component, possibly in conjunction with command injection, to achieve arbitrary code execution.

Affected configurations

NVD

Node

szurayiptv\/h.264_video_encoder_firmwareMatch-

AND

szurayuaioe264-1uMatch-

szurayuce264-1-miniMatch-

szurayuce264-1wb-miniMatch-

szurayuce264-4-1uMatch-

szurayuce264-8-1uMatch-

szurayuhae264-16Match-

szurayuhce264-1Match-

szurayuhce264-16p32Match-

szurayuhce264-1p2Match-

szurayuhce264-1p2-1uMatch-

szurayuhce264-1sMatch-

szurayuhce264-1wMatch-

szurayuhce264-1wsMatch-

szurayuhce264-4p8Match-

szurayuhe264-1-4kMatch-

szurayuhe264-16Match-

szurayuhe264-16l-3uMatch-

szurayuhe264-16s-2uMatch-

szurayuhe264-1lMatch-

szurayuhe264-1l-4kMatch-

szurayuhe264-1lwMatch-

szurayuhe264-1sMatch-

szurayuhe264-1s-miniMatch-

szurayuhe264-1w-miniMatch-

szurayuhe264-1wb-4gMatch-

szurayuhe264-1wb-miniMatch-

szurayuhe264-1wbs-2bMatch-

szurayuhe264-1wbs-miniMatch-

szurayuhe264-1ws-miniMatch-

szurayuhe264-2-1uMatch-

szurayuhe264-4Match-

szurayuhe264-4-1uMatch-

szurayuhe264-4l-1uMatch-

szurayuhe264-8Match-

szurayuhe264-8-1uMatch-

szurayuhe264-8l-3uMatch-

szurayuhe264-8s-2uMatch-

szurayuse264-16-3uMatch-

szurayuse264-1lMatch-

szurayuse264-1l-1uMatch-

szurayuse264-1l-miniMatch-

szurayuse264-1lwMatch-

szurayuse264-1wb-lMatch-

szurayuse264-4l-1uMatch-

szurayuse264-8-1uMatch-

szurayuve264-1lMatch-

szurayuve264-1lwMatch-

Node

szurayiptv\/h.265_video_encoder_firmwareMatch-

AND

szurayuaioe265-1uMatch-

szurayuhae265-1-miniMatch-

szurayuhae265-1wb-miniMatch-

szurayuhae265-4-1uMatch-

szurayuhe265-1Match-

szurayuhe265-1-1uMatch-

szurayuhe265-1-4kMatch-

szurayuhe265-1-miniMatch-

szurayuhe265-16-3uMatch-

szurayuhe265-16l-3uMatch-

szurayuhe265-1lMatch-

szurayuhe265-1lwMatch-

szurayuhe265-1s-4kMatch-

szurayuhe265-1s-miniMatch-

szurayuhe265-1wMatch-

szurayuhe265-1w-4kMatch-

szurayuhe265-1w-miniMatch-

szurayuhe265-1wb-4gMatch-

szurayuhe265-1wb-miniMatch-

szurayuhe265-1wbs-miniMatch-

szurayuhe265-2-1uMatch-

szurayuhe265-4Match-

szurayuhe265-4-1uMatch-

szurayuhe265-4sMatch-

szurayuhe265-4s-1uMatch-

szurayuhe265-8-1uMatch-

szurayuhe265-8l-3uMatch-

szurayuhe265-8s-1uMatch-

szurayuhse265-1uMatch-

szurayuse265-1-1uMatch-

szurayuse265-1-miniMatch-

szurayuse265-16l-3uMatch-

szurayuse265-1lMatch-

szurayuse265-1l-1uMatch-

szurayuse265-1l-miniMatch-

szurayuse265-1lwMatch-

szurayuse265-1w-miniMatch-

szurayuse265-1wb-4gMatch-

szurayuse265-1wb-lMatch-

szurayuse265-1wb-miniMatch-

szurayuse265-2-1uMatch-

szurayuse265-4-1uMatch-

szurayuse265-4l-1uMatch-

szurayuse265-8-1uMatch-

szurayuve265-1Match-

szurayuve265-1wMatch-

Node

jtechdigitalh.264_iptv_encoder_1080p\@60hz_firmwareMatch-

AND

jtechdigitalh.264_iptv_encoder_1080p\@60hzMatch-

Node

provideoinstrumentsvecaster-hd-h264_firmwareMatch-

AND

provideoinstrumentsvecaster-hd-h264Match-

Node

provideoinstrumentsvecaster-hd-hevc_firmwareMatch-

AND

provideoinstrumentsvecaster-hd-hevcMatch-

Node

provideoinstrumentsvecaster-4k-hevc_firmwareMatch-

AND

provideoinstrumentsvecaster-4k-hevcMatch-

Node

provideoinstrumentsvecaster-hd-sdi_firmwareMatch-

AND

provideoinstrumentsvecaster-hd-sdiMatch-

CPENameOperatorVersion
szuray:iptv\/h.264_video_encoder_firmwareszuray iptv/h.264 video encoder firmwareeq-

CPE	Name	Operator	Version
szuray:iptv\/h.264_video_encoder_firmware	szuray iptv/h.264 video encoder firmware	eq	-

References

packetstormsecurity.com/files/159597/HiSilicon-Video-Encoder-Command-Injection.html

packetstormsecurity.com/files/159599/HiSilicon-Video-Encoder-Malicious-Firmware-Code-Execution.html

kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/

www.kb.cert.org/vuls/id/896979

Social References

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.033 Low

EPSS

Percentile

91.4%

JSON

Related for CVE-2020-24217

checkpoint_advisories1 packetstorm2 prion1 nvd1 cvelist1 exploitdb2 cert1