25 matches found
EUVD-2020-16953
Malware in sbrugna...
Kiloview P1 4G Video Encoder and P2 4G Video Encoder Security Vulnerabilities
Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder are both professional video encoder devices from China-based Kiloview. A security vulnerability exists in the Kiloview P1 4G Video Encoder and Kiloview P2 4G Video Encoder, which stems from the fact that the devices support at least on...
HiSilicon Video Encoder Backdoor Password
!/usr/bin/env bash Exploit Title: HiSilicon video encoders - full admin access via backdoor password Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24215 Vendors: URayTech, J-Tech Digital...
HiSilicon Video Encoders - Unauthenticated RTSP buffer overflow (DoS) Exploit
!/usr/bin/env bash Exploit Title: HiSilicon video encoders - unauthenticated RTSP buffer overflow DoS Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24214 Vendors: URayTech, J-Tech Digita...
HiSilicon Video Encoders - Unauthenticated file disclosure via path traversal
!/usr/bin/env bash Exploit Title: HiSilicon video encoders - unauthenticated file disclosure via path traversal Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: https://www.szuray.com/ Software Link: N/A Version: up to 1.97 Tested on: Linux CVE: CVE-2020-24219 Vendors: URayTech...
HiSilicon Video Encoders - Unauthenticated RTSP buffer overflow (DoS)
!/usr/bin/env bash Exploit Title: HiSilicon video encoders - unauthenticated RTSP buffer overflow DoS Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24214 Vendors: URayTech, J-Tech Digita...
HiSilicon Video Encoders - Full admin access via backdoor password
!/usr/bin/env bash Exploit Title: HiSilicon video encoders - full admin access via backdoor password Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24215 Vendors: URayTech, J-Tech Digital...
HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware
!/usr/bin/env bash Exploit Title: HiSilicon video encoders - RCE via unauthenticated upload of malicious firmware Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24217 Vendors: URayTech,...
CVE-2020-24218
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file...
CVE-2020-24219
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with t...
CVE-2020-24216
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to b...
Hardcoded credentials
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to b...
Hardcoded credentials
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file...
CVE-2020-24219
CVE-2020-24219 affects URayTech IPTV/H.264/H.265 video encoders (up to v1.97). The vulnerability is a path traversal/pattern-matching flaw in unauthenticated HTTP handling that allows an attacker to read files from the device, including the configuration file containing the cleartext admin passwo...
CVE-2020-24219
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with t...
CVE-2020-24214
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a crafted unauthenticated RTSP request to cause a buffer overflow and application crash. The device will not be able to perform its main purpose of video encoding and streaming fo...
CVE-2020-24215
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration with the cleartext admin password, and...
CVE-2020-24218
CVE-2020-24218 affects URayTech IPTV/H.264/H.265 video encoders (up to version 1.97). The issue allows an unauthenticated remote attacker to log in as root using a hard-coded password embedded in the executable, effectively granting full control over the device. Documents indicate this involves d...
CVE-2020-24218
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file...
CVE-2020-24217
HiSilicon IPTV/H.264/H.265 video encoder devices are affected by CVE-2020-24217 due to an unauthenticated file-upload endpoint that can upload a custom firmware component, potentially coupled with command injection, to achieve arbitrary code execution. The connected sources (exploit-DB entries, C...