4 matches found
CVE-2020-24217
HiSilicon IPTV/H.264/H.265 video encoder devices are affected by CVE-2020-24217 due to an unauthenticated file-upload endpoint that can upload a custom firmware component, potentially coupled with command injection, to achieve arbitrary code execution. The connected sources (exploit-DB entries, C...
CVE-2020-24214
CVE-2020-24214 affects HiSilicon-based IPTV/H.264/H.265 video encoders. An unauthenticated crafted RTSP request can trigger a buffer overflow in the box application, causing a crash and a DoS state that lasts about a minute as the device reboots. Exploitation is described as unauthenticated and n...
CVE-2020-24215
CVE-2020-24215 affects HiSilicon-based IPTV/H.264/H.265 video encoders. The issue arises from hard-coded credentials in HTTP requests, enabling an attacker to perform any administrative task, retrieve device configurations (including the cleartext admin password), and upload firmware. This can le...
CVE-2020-24216
The CVE-2020-24216 issue affects HiSilicon-based IPTV/H.264/H.265 video encoders running the box application. When an administrator configures a secret RTSP streaming URL, streams remain reachable via default names (e.g., /0), allowing unauthenticated users to view streams meant to be private. Th...