CVE-2020-24216
- EPSS 0.71%
- Veröffentlicht 06.10.2020 14:15:12
- Zuletzt bearbeitet 21.11.2024 05:14:30
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attac...
CVE-2020-24217
- EPSS 31.94%
- Veröffentlicht 06.10.2020 14:15:12
- Zuletzt bearbeitet 21.11.2024 05:14:30
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware component, pos...
CVE-2020-24214
- EPSS 38.42%
- Veröffentlicht 06.10.2020 13:15:13
- Zuletzt bearbeitet 21.11.2024 05:14:30
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a crafted unauthenticated RTSP request to cause a buffer overflow and application crash. The device will not be able to perform its ...
CVE-2020-24215
- EPSS 41.17%
- Veröffentlicht 06.10.2020 13:15:13
- Zuletzt bearbeitet 21.11.2024 05:14:30
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configurat...