ByteOS Network

Vulnerability Details :

CVE-2020-24216

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-06 Oct, 2020 | 13:02

Updated At-04 Aug, 2024 | 15:12

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to be private.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:06 Oct, 2020 | 13:02

Updated At:04 Aug, 2024 | 15:12

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://www.kb.cert.org/vuls/id/896979	x_refsource_MISC
https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/	x_refsource_MISC

Hyperlink: https://www.kb.cert.org/vuls/id/896979

Resource:

x_refsource_MISC

Hyperlink: https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.kb.cert.org/vuls/id/896979	x_refsource_MISC x_transferred
https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/	x_refsource_MISC x_transferred

Hyperlink: https://www.kb.cert.org/vuls/id/896979

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:06 Oct, 2020 | 14:15

Updated At:19 Oct, 2020 | 15:10

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

szuray>>iptv\/h.264_video_encoder_firmware>>-

cpe:2.3:o:szuray:iptv\/h.264_video_encoder_firmware:-:*:*:*:*:*:*:*

szuray>>uaioe264-1u>>-

cpe:2.3:h:szuray:uaioe264-1u:-:*:*:*:*:*:*:*

szuray>>uce264-1-mini>>-

cpe:2.3:h:szuray:uce264-1-mini:-:*:*:*:*:*:*:*

szuray>>uce264-1wb-mini>>-

cpe:2.3:h:szuray:uce264-1wb-mini:-:*:*:*:*:*:*:*

szuray>>uce264-4-1u>>-

cpe:2.3:h:szuray:uce264-4-1u:-:*:*:*:*:*:*:*

szuray>>uce264-8-1u>>-

cpe:2.3:h:szuray:uce264-8-1u:-:*:*:*:*:*:*:*

szuray>>uhae264-16>>-

cpe:2.3:h:szuray:uhae264-16:-:*:*:*:*:*:*:*

szuray>>uhce264-1>>-

cpe:2.3:h:szuray:uhce264-1:-:*:*:*:*:*:*:*

szuray>>uhce264-16p32>>-

cpe:2.3:h:szuray:uhce264-16p32:-:*:*:*:*:*:*:*

szuray>>uhce264-1p2>>-

cpe:2.3:h:szuray:uhce264-1p2:-:*:*:*:*:*:*:*

szuray>>uhce264-1p2-1u>>-

cpe:2.3:h:szuray:uhce264-1p2-1u:-:*:*:*:*:*:*:*

szuray>>uhce264-1s>>-

cpe:2.3:h:szuray:uhce264-1s:-:*:*:*:*:*:*:*

szuray>>uhce264-1w>>-

cpe:2.3:h:szuray:uhce264-1w:-:*:*:*:*:*:*:*

szuray>>uhce264-1ws>>-

cpe:2.3:h:szuray:uhce264-1ws:-:*:*:*:*:*:*:*

szuray>>uhce264-4p8>>-

cpe:2.3:h:szuray:uhce264-4p8:-:*:*:*:*:*:*:*

szuray>>uhe264-1-4k>>-

cpe:2.3:h:szuray:uhe264-1-4k:-:*:*:*:*:*:*:*

szuray>>uhe264-16>>-

cpe:2.3:h:szuray:uhe264-16:-:*:*:*:*:*:*:*

szuray>>uhe264-16l-3u>>-

cpe:2.3:h:szuray:uhe264-16l-3u:-:*:*:*:*:*:*:*

szuray>>uhe264-16s-2u>>-

cpe:2.3:h:szuray:uhe264-16s-2u:-:*:*:*:*:*:*:*

szuray>>uhe264-1l>>-

cpe:2.3:h:szuray:uhe264-1l:-:*:*:*:*:*:*:*

szuray>>uhe264-1l-4k>>-

cpe:2.3:h:szuray:uhe264-1l-4k:-:*:*:*:*:*:*:*

szuray>>uhe264-1lw>>-

cpe:2.3:h:szuray:uhe264-1lw:-:*:*:*:*:*:*:*

szuray>>uhe264-1s>>-

cpe:2.3:h:szuray:uhe264-1s:-:*:*:*:*:*:*:*

szuray>>uhe264-1s-mini>>-

cpe:2.3:h:szuray:uhe264-1s-mini:-:*:*:*:*:*:*:*

szuray>>uhe264-1w-mini>>-

cpe:2.3:h:szuray:uhe264-1w-mini:-:*:*:*:*:*:*:*

szuray>>uhe264-1wb-4g>>-

cpe:2.3:h:szuray:uhe264-1wb-4g:-:*:*:*:*:*:*:*

szuray>>uhe264-1wb-mini>>-

cpe:2.3:h:szuray:uhe264-1wb-mini:-:*:*:*:*:*:*:*

szuray>>uhe264-1wbs-2b>>-

cpe:2.3:h:szuray:uhe264-1wbs-2b:-:*:*:*:*:*:*:*

szuray>>uhe264-1wbs-mini>>-

cpe:2.3:h:szuray:uhe264-1wbs-mini:-:*:*:*:*:*:*:*

szuray>>uhe264-1ws-mini>>-

cpe:2.3:h:szuray:uhe264-1ws-mini:-:*:*:*:*:*:*:*

szuray>>uhe264-2-1u>>-

cpe:2.3:h:szuray:uhe264-2-1u:-:*:*:*:*:*:*:*

szuray>>uhe264-4>>-

cpe:2.3:h:szuray:uhe264-4:-:*:*:*:*:*:*:*

szuray>>uhe264-4-1u>>-

cpe:2.3:h:szuray:uhe264-4-1u:-:*:*:*:*:*:*:*

szuray>>uhe264-4l-1u>>-

cpe:2.3:h:szuray:uhe264-4l-1u:-:*:*:*:*:*:*:*

szuray>>uhe264-8>>-

cpe:2.3:h:szuray:uhe264-8:-:*:*:*:*:*:*:*

szuray>>uhe264-8-1u>>-

cpe:2.3:h:szuray:uhe264-8-1u:-:*:*:*:*:*:*:*

szuray>>uhe264-8l-3u>>-

cpe:2.3:h:szuray:uhe264-8l-3u:-:*:*:*:*:*:*:*

szuray>>uhe264-8s-2u>>-

cpe:2.3:h:szuray:uhe264-8s-2u:-:*:*:*:*:*:*:*

szuray>>use264-16-3u>>-

cpe:2.3:h:szuray:use264-16-3u:-:*:*:*:*:*:*:*

szuray>>use264-1l>>-

cpe:2.3:h:szuray:use264-1l:-:*:*:*:*:*:*:*

szuray>>use264-1l-1u>>-

cpe:2.3:h:szuray:use264-1l-1u:-:*:*:*:*:*:*:*

szuray>>use264-1l-mini>>-

cpe:2.3:h:szuray:use264-1l-mini:-:*:*:*:*:*:*:*

szuray>>use264-1lw>>-

cpe:2.3:h:szuray:use264-1lw:-:*:*:*:*:*:*:*

szuray>>use264-1wb-l>>-

cpe:2.3:h:szuray:use264-1wb-l:-:*:*:*:*:*:*:*

szuray>>use264-4l-1u>>-

cpe:2.3:h:szuray:use264-4l-1u:-:*:*:*:*:*:*:*

szuray>>use264-8-1u>>-

cpe:2.3:h:szuray:use264-8-1u:-:*:*:*:*:*:*:*

szuray>>uve264-1l>>-

cpe:2.3:h:szuray:uve264-1l:-:*:*:*:*:*:*:*

szuray>>uve264-1lw>>-

cpe:2.3:h:szuray:uve264-1lw:-:*:*:*:*:*:*:*

szuray>>iptv\/h.265_video_encoder_firmware>>-

cpe:2.3:o:szuray:iptv\/h.265_video_encoder_firmware:-:*:*:*:*:*:*:*

szuray>>uaioe265-1u>>-

cpe:2.3:h:szuray:uaioe265-1u:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/	cve@mitre.org	Exploit Third Party Advisory
https://www.kb.cert.org/vuls/id/896979	cve@mitre.org	Third Party Advisory US Government Resource

Hyperlink: https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/

Source: cve@mitre.org

Resource:

Exploit

Third Party Advisory

Hyperlink: https://www.kb.cert.org/vuls/id/896979

Source: cve@mitre.org

Resource:

Third Party Advisory

US Government Resource

Similar CVEs

3Records found

CVE-2020-24215

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-9.8||CRITICAL

EPSS-34.75% / 96.88%

7 Day CHG+2.83%

Published-06 Oct, 2020 | 13:00

Updated-04 Aug, 2024 | 15:12

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration (with the cleartext admin password), and uploading a custom firmware update, to ultimately achieve arbitrary code execution.

Vendor-szuray provideoinstruments jtechdigital n/a

Product-use265-1lw uhce264-4p8 vecaster-hd-h264 uhe264-16l-3u uhe264-1ws-mini uhe264-4 use264-1wb-l vecaster-hd-sdi_firmware uhe265-1s-4k vecaster-4k-hevc uhe264-1l-4k uhe264-1w-mini use264-1l uhe265-1w-mini uhe265-4s uhce264-1s uce264-1-mini h.264_iptv_encoder_1080p\@60hz_firmware use265-1w-mini use265-1l-mini uve264-1l uce264-1wb-mini uce264-8-1u uhe265-1lw uhe264-1wb-mini uhe265-1wb-mini uaioe265-1u uhe265-1wbs-mini uhe265-1-mini use265-1wb-l vecaster-hd-sdi uhe265-16l-3u uhe264-1l uhae265-4-1u uhe265-1w-4k uaioe264-1u uhe264-1-4k uhe264-1wbs-2b uhe265-8s-1u use265-1-mini uhe265-8-1u uve265-1w vecaster-4k-hevc_firmware use264-8-1u uhe264-8-1u uhe264-2-1u use265-16l-3u uhe264-1wb-4g uhe264-1s-mini uhe265-1wb-4g use264-1l-mini uhe265-1l uhe264-1s iptv\/h.264_video_encoder_firmware uhe265-1s-mini use264-4l-1u use265-1l-1u uhe264-4l-1u use265-1wb-4g uhe264-1wbs-mini use265-4l-1u use265-4-1u use265-1l uhe265-4s-1u uhe265-8l-3u uhe265-4-1u uve265-1 uhae264-16 uhe264-1lw uhae265-1wb-mini use265-1wb-mini uhae265-1-mini uhe265-1-4k h.264_iptv_encoder_1080p\@60hz use265-8-1u uhe265-4 uve264-1lw use265-1-1u uhe265-1 uhe265-2-1u uhce264-1p2-1u uhe264-8 use264-16-3u use264-1lw uhce264-1ws uhe264-8s-2u uhe265-16-3u uhce264-1p2 uhe264-4-1u uhe264-16s-2u uhce264-1w uhse265-1u uhce264-1 uhce264-16p32 uhe265-1w use265-2-1u use264-1l-1u iptv\/h.265_video_encoder_firmware vecaster-hd-h264_firmware uhe265-1-1u vecaster-hd-hevc_firmware uhe264-8l-3u uce264-4-1u uhe264-16 vecaster-hd-hevc n/a

CWE ID-CWE-798

Use of Hard-coded Credentials

CVE-2020-24219

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-16.91% / 94.70%

7 Day CHG~0.00%

Published-06 Oct, 2020 | 13:16

Updated-04 Aug, 2024 | 15:12

An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with the cleartext administrative password.

Vendor-szuray n/a

Product-use265-1lw uhce264-4p8 uhe264-16l-3u uhe264-1ws-mini uhe264-4 use264-1wb-l uhe265-1s-4k uhe264-1l-4k uhe264-1w-mini use264-1l uhe265-1w-mini uhe265-4s uhce264-1s uce264-1-mini use265-1w-mini use265-1l-mini uve264-1l uce264-1wb-mini uce264-8-1u uhe265-1lw uhe264-1wb-mini uhe265-1wb-mini uaioe265-1u uhe265-1wbs-mini uhe265-1-mini use265-1wb-l uhe265-16l-3u uhe264-1l uhae265-4-1u uhe265-1w-4k uaioe264-1u uhe264-1-4k uhe264-1wbs-2b uhe265-8s-1u use265-1-mini uhe265-8-1u uve265-1w use264-8-1u uhe264-8-1u uhe264-2-1u use265-16l-3u uhe264-1wb-4g uhe264-1s-mini uhe265-1wb-4g use264-1l-mini uhe265-1l uhe264-1s iptv\/h.264_video_encoder_firmware uhe265-1s-mini use264-4l-1u use265-1l-1u uhe264-4l-1u use265-1wb-4g uhe264-1wbs-mini use265-4l-1u use265-4-1u use265-1l uhe265-4s-1u uhe265-8l-3u uhe265-4-1u uve265-1 uhae264-16 uhe264-1lw uhae265-1wb-mini use265-1wb-mini uhae265-1-mini uhe265-1-4k use265-8-1u uhe265-4 uve264-1lw use265-1-1u uhe265-1 uhe265-2-1u uhce264-1p2-1u uhe264-8 use264-16-3u use264-1lw uhce264-1ws uhe264-8s-2u uhe265-16-3u uhce264-1p2 uhe264-4-1u uhe264-16s-2u uhce264-1w uhse265-1u uhce264-1 uhce264-16p32 uhe265-1w use265-2-1u use264-1l-1u iptv\/h.265_video_encoder_firmware uhe265-1-1u uhe264-8l-3u uce264-4-1u uhe264-16 n/a

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2020-24218

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-9.8||CRITICAL

EPSS-0.34% / 56.02%

7 Day CHG~0.00%

Published-06 Oct, 2020 | 13:10

Updated-04 Aug, 2024 | 15:12

An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file.

Vendor-szuray n/a

CWE ID-CWE-798

Use of Hard-coded Credentials

CVE-2020-24216

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs