CVE-2020-24218

An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file.

CVSS v3 9.8 CRITICAL
CVSS v2.0 5.0 MEDIUM

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/	Exploit Third Party Advisory
https://www.kb.cert.org/vuls/id/896979	Third Party Advisory US Government Resource
https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/	Exploit Third Party Advisory
https://www.kb.cert.org/vuls/id/896979	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:szuray:iptv\/h.264_video_encoder_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:szuray:uaioe264-1u:-:::::::*
	cpe:2.3:h:szuray:uce264-1-mini:-:::::::*
	cpe:2.3:h:szuray:uce264-1wb-mini:-:::::::*
	cpe:2.3:h:szuray:uce264-4-1u:-:::::::*
	cpe:2.3:h:szuray:uce264-8-1u:-:::::::*
	cpe:2.3:h:szuray:uhae264-16:-:::::::*
	cpe:2.3:h:szuray:uhce264-1:-:::::::*
	cpe:2.3:h:szuray:uhce264-16p32:-:::::::*
	cpe:2.3:h:szuray:uhce264-1p2:-:::::::*
	cpe:2.3:h:szuray:uhce264-1p2-1u:-:::::::*
	cpe:2.3:h:szuray:uhce264-1s:-:::::::*
	cpe:2.3:h:szuray:uhce264-1w:-:::::::*
	cpe:2.3:h:szuray:uhce264-1ws:-:::::::*
	cpe:2.3:h:szuray:uhce264-4p8:-:::::::*
	cpe:2.3:h:szuray:uhe264-1-4k:-:::::::*
	cpe:2.3:h:szuray:uhe264-16:-:::::::*
	cpe:2.3:h:szuray:uhe264-16l-3u:-:::::::*
	cpe:2.3:h:szuray:uhe264-16s-2u:-:::::::*
	cpe:2.3:h:szuray:uhe264-1l:-:::::::*
	cpe:2.3:h:szuray:uhe264-1l-4k:-:::::::*
	cpe:2.3:h:szuray:uhe264-1lw:-:::::::*
	cpe:2.3:h:szuray:uhe264-1s:-:::::::*
	cpe:2.3:h:szuray:uhe264-1s-mini:-:::::::*
	cpe:2.3:h:szuray:uhe264-1w-mini:-:::::::*
	cpe:2.3:h:szuray:uhe264-1wb-4g:-:::::::*
	cpe:2.3:h:szuray:uhe264-1wb-mini:-:::::::*
	cpe:2.3:h:szuray:uhe264-1wbs-2b:-:::::::*
	cpe:2.3:h:szuray:uhe264-1wbs-mini:-:::::::*
	cpe:2.3:h:szuray:uhe264-1ws-mini:-:::::::*
	cpe:2.3:h:szuray:uhe264-2-1u:-:::::::*
	cpe:2.3:h:szuray:uhe264-4:-:::::::*
	cpe:2.3:h:szuray:uhe264-4-1u:-:::::::*
	cpe:2.3:h:szuray:uhe264-4l-1u:-:::::::*
	cpe:2.3:h:szuray:uhe264-8:-:::::::*
	cpe:2.3:h:szuray:uhe264-8-1u:-:::::::*
	cpe:2.3:h:szuray:uhe264-8l-3u:-:::::::*
	cpe:2.3:h:szuray:uhe264-8s-2u:-:::::::*
	cpe:2.3:h:szuray:use264-16-3u:-:::::::*
	cpe:2.3:h:szuray:use264-1l:-:::::::*
	cpe:2.3:h:szuray:use264-1l-1u:-:::::::*
	cpe:2.3:h:szuray:use264-1l-mini:-:::::::*
	cpe:2.3:h:szuray:use264-1lw:-:::::::*
	cpe:2.3:h:szuray:use264-1wb-l:-:::::::*
	cpe:2.3:h:szuray:use264-4l-1u:-:::::::*
	cpe:2.3:h:szuray:use264-8-1u:-:::::::*
	cpe:2.3:h:szuray:uve264-1l:-:::::::*
	cpe:2.3:h:szuray:uve264-1lw:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:szuray:iptv\/h.265_video_encoder_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:szuray:uaioe265-1u:-:::::::*
	cpe:2.3:h:szuray:uhae265-1-mini:-:::::::*
	cpe:2.3:h:szuray:uhae265-1wb-mini:-:::::::*
	cpe:2.3:h:szuray:uhae265-4-1u:-:::::::*
	cpe:2.3:h:szuray:uhe265-1:-:::::::*
	cpe:2.3:h:szuray:uhe265-1-1u:-:::::::*
	cpe:2.3:h:szuray:uhe265-1-4k:-:::::::*
	cpe:2.3:h:szuray:uhe265-1-mini:-:::::::*
	cpe:2.3:h:szuray:uhe265-16-3u:-:::::::*
	cpe:2.3:h:szuray:uhe265-16l-3u:-:::::::*
	cpe:2.3:h:szuray:uhe265-1l:-:::::::*
	cpe:2.3:h:szuray:uhe265-1lw:-:::::::*
	cpe:2.3:h:szuray:uhe265-1s-4k:-:::::::*
	cpe:2.3:h:szuray:uhe265-1s-mini:-:::::::*
	cpe:2.3:h:szuray:uhe265-1w:-:::::::*
	cpe:2.3:h:szuray:uhe265-1w-4k:-:::::::*
	cpe:2.3:h:szuray:uhe265-1w-mini:-:::::::*
	cpe:2.3:h:szuray:uhe265-1wb-4g:-:::::::*
	cpe:2.3:h:szuray:uhe265-1wb-mini:-:::::::*
	cpe:2.3:h:szuray:uhe265-1wbs-mini:-:::::::*
	cpe:2.3:h:szuray:uhe265-2-1u:-:::::::*
	cpe:2.3:h:szuray:uhe265-4:-:::::::*
	cpe:2.3:h:szuray:uhe265-4-1u:-:::::::*
	cpe:2.3:h:szuray:uhe265-4s:-:::::::*
	cpe:2.3:h:szuray:uhe265-4s-1u:-:::::::*
	cpe:2.3:h:szuray:uhe265-8-1u:-:::::::*
	cpe:2.3:h:szuray:uhe265-8l-3u:-:::::::*
	cpe:2.3:h:szuray:uhe265-8s-1u:-:::::::*
	cpe:2.3:h:szuray:uhse265-1u:-:::::::*
	cpe:2.3:h:szuray:use265-1-1u:-:::::::*
	cpe:2.3:h:szuray:use265-1-mini:-:::::::*
	cpe:2.3:h:szuray:use265-16l-3u:-:::::::*
	cpe:2.3:h:szuray:use265-1l:-:::::::*
	cpe:2.3:h:szuray:use265-1l-1u:-:::::::*
	cpe:2.3:h:szuray:use265-1l-mini:-:::::::*
	cpe:2.3:h:szuray:use265-1lw:-:::::::*
	cpe:2.3:h:szuray:use265-1w-mini:-:::::::*
	cpe:2.3:h:szuray:use265-1wb-4g:-:::::::*
	cpe:2.3:h:szuray:use265-1wb-l:-:::::::*
	cpe:2.3:h:szuray:use265-1wb-mini:-:::::::*
	cpe:2.3:h:szuray:use265-2-1u:-:::::::*
	cpe:2.3:h:szuray:use265-4-1u:-:::::::*
	cpe:2.3:h:szuray:use265-4l-1u:-:::::::*
	cpe:2.3:h:szuray:use265-8-1u:-:::::::*
	cpe:2.3:h:szuray:uve265-1:-:::::::*
	cpe:2.3:h:szuray:uve265-1w:-:::::::*

History

21 Nov 2024, 05:14

Type	Values Removed	Values Added
References	~~() https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/ - Exploit, Third Party Advisory~~	() https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/ - Exploit, Third Party Advisory
References	~~() https://www.kb.cert.org/vuls/id/896979 - Third Party Advisory, US Government Resource~~	() https://www.kb.cert.org/vuls/id/896979 - Third Party Advisory, US Government Resource

Information

Published : 2020-10-06 14:15

Updated : 2024-11-21 05:14

NVD link : CVE-2020-24218

Mitre link : CVE-2020-24218

CVE.ORG link : CVE-2020-24218

JSON object : View

Products Affected

szuray

uhce264-16p32
uce264-1wb-mini
uhe264-1s
uhe265-1-mini
uhe264-8l-3u
uhae264-16
uhe264-1wb-mini
use265-1-mini
uhe265-1wb-4g
use265-1wb-l
uhe265-4s-1u
uhe264-8-1u
uhe265-1-1u
uhe265-1s-mini
uhe264-1lw
uve265-1
iptv\/h.265_video_encoder_firmware
uhe265-4-1u
uhe264-4l-1u
uhe264-16l-3u
uhe265-1w-4k
use264-8-1u
uhe265-8-1u
uhe264-1w-mini
uhe265-1lw
uhe264-1wb-4g
use264-1l-1u
uaioe264-1u
iptv\/h.264_video_encoder_firmware
use265-1-1u
uhe264-1ws-mini
use265-8-1u
use264-4l-1u
uhe264-1s-mini
uve264-1lw
uhe265-16l-3u
uaioe265-1u
use265-1l-1u
uhce264-1p2-1u
uhe264-16
use265-1l-mini
use264-1lw
uhe265-1-4k
use264-1l-mini
use265-1wb-mini
uhce264-1p2
uhae265-1wb-mini
use265-4-1u
uhae265-1-mini
uhe265-8l-3u
use265-1lw
uhe264-8s-2u
uhe264-16s-2u
uhe265-1l
use265-16l-3u
uhe264-1l-4k
uhe264-1-4k
use265-1l
uhe265-16-3u
use264-1l
uve265-1w
uhe264-2-1u
use265-1wb-4g
uhe264-4-1u
uhe265-4
uhse265-1u
uhce264-4p8
uhe265-1w-mini
uhe264-1l
use265-2-1u
uhce264-1
uhe264-8
uve264-1l
uhe264-4
uce264-4-1u
uhae265-4-1u
uhe265-4s
uhe264-1wbs-mini
uhe265-1wbs-mini
use264-16-3u
uhe265-1wb-mini
uhe265-1s-4k
uce264-1-mini
uhe265-1w
uhce264-1ws
uhe265-1
uhe264-1wbs-2b
uhe265-8s-1u
uhe265-2-1u
use265-4l-1u
use265-1w-mini
use264-1wb-l
uce264-8-1u
uhce264-1s
uhce264-1w

CWE

CWE-798

Use of Hard-coded Credentials

9.8 /10