CyberSec.Space Logo
Back to CVE Browser

CVE-2020-24217

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1920%
EPSS Percentile6.41th
PublishedOct 6, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware component, possibly in conjunction with command injection, to achieve arbitrary code execution.

Affected Platforms (CPE)

πŸ’»
Szuray

Iptv\/h.264 Video Encoder Firmware

All versions
πŸ’»
Szuray

Iptv\/h.265 Video Encoder Firmware

All versions
πŸ’»
Jtechdigital

H.264 Iptv Encoder 1080p\@60hz Firmware

All versions
πŸ’»
Provideoinstruments

Vecaster Hd H264 Firmware

All versions
πŸ’»
Provideoinstruments

Vecaster Hd Hevc Firmware

All versions
πŸ’»
Provideoinstruments

Vecaster 4k Hevc Firmware

All versions
πŸ’»
Provideoinstruments

Vecaster Hd Sdi Firmware

All versions

References & Advisories

πŸ”— http://packetstormsecurity.com/files/159597/HiSilicon-Video-Encoder-Command-Injection.html
πŸ”— http://packetstormsecurity.com/files/159599/HiSilicon-Video-Encoder-Malicious-Firmware-Code-Execution.html
πŸ”— https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
πŸ”— https://www.kb.cert.org/vuls/id/896979
πŸ”— http://packetstormsecurity.com/files/159597/HiSilicon-Video-Encoder-Command-Injection.html
πŸ”— http://packetstormsecurity.com/files/159599/HiSilicon-Video-Encoder-Malicious-Firmware-Code-Execution.html
πŸ”— https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
πŸ”— https://www.kb.cert.org/vuls/id/896979

Related Vulnerabilities

CVE-2020-1249310.0

An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4... grants root access to the device wi...

CVE-2020-941110.0

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerabilit...

CVE-2020-1184410.0

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Ma...

CVE-2020-941210.0

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerabilit...