CVE-2020-24217
Summary
| CVE | CVE-2020-24217 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-10-06 14:15:00 UTC |
| Updated | 2022-01-01 18:16:00 UTC |
| Description | An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware component, possibly in conjunction with command injection, to achieve arbitrary code execution. |
Risk And Classification
Problem Types: CWE-306
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Jtechdigital | H.264 Iptv Encoder 1080p@60hz | - | All | All | All |
| Hardware | Jtechdigital | H.264 Iptv Encoder 1080p@60hz | - | All | All | All |
| Operating System | Jtechdigital | H.264 Iptv Encoder 1080p@60hz Firmware | - | All | All | All |
| Operating System | Jtechdigital | H.264 Iptv Encoder 1080p@60hz Firmware | - | All | All | All |
| Hardware | Provideoinstruments | Vecaster-4k-hevc | - | All | All | All |
| Hardware | Provideoinstruments | Vecaster-4k-hevc | - | All | All | All |
| Operating System | Provideoinstruments | Vecaster-4k-hevc Firmware | - | All | All | All |
| Operating System | Provideoinstruments | Vecaster-4k-hevc Firmware | - | All | All | All |
| Hardware | Provideoinstruments | Vecaster-hd-h264 | - | All | All | All |
| Hardware | Provideoinstruments | Vecaster-hd-h264 | - | All | All | All |
| Operating System | Provideoinstruments | Vecaster-hd-h264 Firmware | - | All | All | All |
| Operating System | Provideoinstruments | Vecaster-hd-h264 Firmware | - | All | All | All |
| Hardware | Provideoinstruments | Vecaster-hd-hevc | - | All | All | All |
| Hardware | Provideoinstruments | Vecaster-hd-hevc | - | All | All | All |
| Operating System | Provideoinstruments | Vecaster-hd-hevc Firmware | - | All | All | All |
| Operating System | Provideoinstruments | Vecaster-hd-hevc Firmware | - | All | All | All |
| Hardware | Provideoinstruments | Vecaster-hd-sdi | - | All | All | All |
| Hardware | Provideoinstruments | Vecaster-hd-sdi | - | All | All | All |
| Operating System | Provideoinstruments | Vecaster-hd-sdi Firmware | - | All | All | All |
| Operating System | Provideoinstruments | Vecaster-hd-sdi Firmware | - | All | All | All |
| Operating System | Szuray | Iptv/h.264 Video Encoder Firmware | - | All | All | All |
| Operating System | Szuray | Iptv/h.264 Video Encoder Firmware | - | All | All | All |
| Operating System | Szuray | Iptv/h.265 Video Encoder Firmware | - | All | All | All |
| Operating System | Szuray | Iptv/h.265 Video Encoder Firmware | - | All | All | All |
| Hardware | Szuray | Uaioe264-1u | - | All | All | All |
| Hardware | Szuray | Uaioe264-1u | - | All | All | All |
| Hardware | Szuray | Uaioe265-1u | - | All | All | All |
| Hardware | Szuray | Uaioe265-1u | - | All | All | All |
| Hardware | Szuray | Uce264-1-mini | - | All | All | All |
| Hardware | Szuray | Uce264-1-mini | - | All | All | All |
| Hardware | Szuray | Uce264-1wb-mini | - | All | All | All |
| Hardware | Szuray | Uce264-1wb-mini | - | All | All | All |
| Hardware | Szuray | Uce264-4-1u | - | All | All | All |
| Hardware | Szuray | Uce264-4-1u | - | All | All | All |
| Hardware | Szuray | Uce264-8-1u | - | All | All | All |
| Hardware | Szuray | Uce264-8-1u | - | All | All | All |
| Hardware | Szuray | Uhae264-16 | - | All | All | All |
| Hardware | Szuray | Uhae264-16 | - | All | All | All |
| Hardware | Szuray | Uhae265-1-mini | - | All | All | All |
| Hardware | Szuray | Uhae265-1-mini | - | All | All | All |
| Hardware | Szuray | Uhae265-1wb-mini | - | All | All | All |
| Hardware | Szuray | Uhae265-1wb-mini | - | All | All | All |
| Hardware | Szuray | Uhae265-4-1u | - | All | All | All |
| Hardware | Szuray | Uhae265-4-1u | - | All | All | All |
| Hardware | Szuray | Uhce264-1 | - | All | All | All |
| Hardware | Szuray | Uhce264-1 | - | All | All | All |
| Hardware | Szuray | Uhce264-16p32 | - | All | All | All |
| Hardware | Szuray | Uhce264-16p32 | - | All | All | All |
| Hardware | Szuray | Uhce264-1p2 | - | All | All | All |
| Hardware | Szuray | Uhce264-1p2 | - | All | All | All |
| Hardware | Szuray | Uhce264-1p2-1u | - | All | All | All |
| Hardware | Szuray | Uhce264-1p2-1u | - | All | All | All |
| Hardware | Szuray | Uhce264-1s | - | All | All | All |
| Hardware | Szuray | Uhce264-1s | - | All | All | All |
| Hardware | Szuray | Uhce264-1w | - | All | All | All |
| Hardware | Szuray | Uhce264-1w | - | All | All | All |
| Hardware | Szuray | Uhce264-1ws | - | All | All | All |
| Hardware | Szuray | Uhce264-1ws | - | All | All | All |
| Hardware | Szuray | Uhce264-4p8 | - | All | All | All |
| Hardware | Szuray | Uhce264-4p8 | - | All | All | All |
| Hardware | Szuray | Uhe264-1-4k | - | All | All | All |
| Hardware | Szuray | Uhe264-1-4k | - | All | All | All |
| Hardware | Szuray | Uhe264-16 | - | All | All | All |
| Hardware | Szuray | Uhe264-16 | - | All | All | All |
| Hardware | Szuray | Uhe264-16l-3u | - | All | All | All |
| Hardware | Szuray | Uhe264-16l-3u | - | All | All | All |
| Hardware | Szuray | Uhe264-16s-2u | - | All | All | All |
| Hardware | Szuray | Uhe264-16s-2u | - | All | All | All |
| Hardware | Szuray | Uhe264-1l | - | All | All | All |
| Hardware | Szuray | Uhe264-1l | - | All | All | All |
| Hardware | Szuray | Uhe264-1l-4k | - | All | All | All |
| Hardware | Szuray | Uhe264-1l-4k | - | All | All | All |
| Hardware | Szuray | Uhe264-1lw | - | All | All | All |
| Hardware | Szuray | Uhe264-1lw | - | All | All | All |
| Hardware | Szuray | Uhe264-1s | - | All | All | All |
| Hardware | Szuray | Uhe264-1s | - | All | All | All |
| Hardware | Szuray | Uhe264-1s-mini | - | All | All | All |
| Hardware | Szuray | Uhe264-1s-mini | - | All | All | All |
| Hardware | Szuray | Uhe264-1w-mini | - | All | All | All |
| Hardware | Szuray | Uhe264-1w-mini | - | All | All | All |
| Hardware | Szuray | Uhe264-1wb-4g | - | All | All | All |
| Hardware | Szuray | Uhe264-1wb-4g | - | All | All | All |
| Hardware | Szuray | Uhe264-1wb-mini | - | All | All | All |
| Hardware | Szuray | Uhe264-1wb-mini | - | All | All | All |
| Hardware | Szuray | Uhe264-1wbs-2b | - | All | All | All |
| Hardware | Szuray | Uhe264-1wbs-2b | - | All | All | All |
| Hardware | Szuray | Uhe264-1wbs-mini | - | All | All | All |
| Hardware | Szuray | Uhe264-1wbs-mini | - | All | All | All |
| Hardware | Szuray | Uhe264-1ws-mini | - | All | All | All |
| Hardware | Szuray | Uhe264-1ws-mini | - | All | All | All |
| Hardware | Szuray | Uhe264-2-1u | - | All | All | All |
| Hardware | Szuray | Uhe264-2-1u | - | All | All | All |
| Hardware | Szuray | Uhe264-4 | - | All | All | All |
| Hardware | Szuray | Uhe264-4 | - | All | All | All |
| Hardware | Szuray | Uhe264-4-1u | - | All | All | All |
| Hardware | Szuray | Uhe264-4-1u | - | All | All | All |
| Hardware | Szuray | Uhe264-4l-1u | - | All | All | All |
| Hardware | Szuray | Uhe264-4l-1u | - | All | All | All |
| Hardware | Szuray | Uhe264-8 | - | All | All | All |
| Hardware | Szuray | Uhe264-8 | - | All | All | All |
| Hardware | Szuray | Uhe264-8-1u | - | All | All | All |
| Hardware | Szuray | Uhe264-8-1u | - | All | All | All |
| Hardware | Szuray | Uhe264-8l-3u | - | All | All | All |
| Hardware | Szuray | Uhe264-8l-3u | - | All | All | All |
| Hardware | Szuray | Uhe264-8s-2u | - | All | All | All |
| Hardware | Szuray | Uhe264-8s-2u | - | All | All | All |
| Hardware | Szuray | Uhe265-1 | - | All | All | All |
| Hardware | Szuray | Uhe265-1 | - | All | All | All |
| Hardware | Szuray | Uhe265-1-1u | - | All | All | All |
| Hardware | Szuray | Uhe265-1-1u | - | All | All | All |
| Hardware | Szuray | Uhe265-1-4k | - | All | All | All |
| Hardware | Szuray | Uhe265-1-4k | - | All | All | All |
| Hardware | Szuray | Uhe265-1-mini | - | All | All | All |
| Hardware | Szuray | Uhe265-1-mini | - | All | All | All |
| Hardware | Szuray | Uhe265-16-3u | - | All | All | All |
| Hardware | Szuray | Uhe265-16-3u | - | All | All | All |
| Hardware | Szuray | Uhe265-16l-3u | - | All | All | All |
| Hardware | Szuray | Uhe265-16l-3u | - | All | All | All |
| Hardware | Szuray | Uhe265-1l | - | All | All | All |
| Hardware | Szuray | Uhe265-1l | - | All | All | All |
| Hardware | Szuray | Uhe265-1lw | - | All | All | All |
| Hardware | Szuray | Uhe265-1lw | - | All | All | All |
| Hardware | Szuray | Uhe265-1s-4k | - | All | All | All |
| Hardware | Szuray | Uhe265-1s-4k | - | All | All | All |
| Hardware | Szuray | Uhe265-1s-mini | - | All | All | All |
| Hardware | Szuray | Uhe265-1s-mini | - | All | All | All |
| Hardware | Szuray | Uhe265-1w | - | All | All | All |
| Hardware | Szuray | Uhe265-1w | - | All | All | All |
| Hardware | Szuray | Uhe265-1w-4k | - | All | All | All |
| Hardware | Szuray | Uhe265-1w-4k | - | All | All | All |
| Hardware | Szuray | Uhe265-1w-mini | - | All | All | All |
| Hardware | Szuray | Uhe265-1w-mini | - | All | All | All |
| Hardware | Szuray | Uhe265-1wb-4g | - | All | All | All |
| Hardware | Szuray | Uhe265-1wb-4g | - | All | All | All |
| Hardware | Szuray | Uhe265-1wb-mini | - | All | All | All |
| Hardware | Szuray | Uhe265-1wb-mini | - | All | All | All |
| Hardware | Szuray | Uhe265-1wbs-mini | - | All | All | All |
| Hardware | Szuray | Uhe265-1wbs-mini | - | All | All | All |
| Hardware | Szuray | Uhe265-2-1u | - | All | All | All |
| Hardware | Szuray | Uhe265-2-1u | - | All | All | All |
| Hardware | Szuray | Uhe265-4 | - | All | All | All |
| Hardware | Szuray | Uhe265-4 | - | All | All | All |
| Hardware | Szuray | Uhe265-4-1u | - | All | All | All |
| Hardware | Szuray | Uhe265-4-1u | - | All | All | All |
| Hardware | Szuray | Uhe265-4s | - | All | All | All |
| Hardware | Szuray | Uhe265-4s | - | All | All | All |
| Hardware | Szuray | Uhe265-4s-1u | - | All | All | All |
| Hardware | Szuray | Uhe265-4s-1u | - | All | All | All |
| Hardware | Szuray | Uhe265-8-1u | - | All | All | All |
| Hardware | Szuray | Uhe265-8-1u | - | All | All | All |
| Hardware | Szuray | Uhe265-8l-3u | - | All | All | All |
| Hardware | Szuray | Uhe265-8l-3u | - | All | All | All |
| Hardware | Szuray | Uhe265-8s-1u | - | All | All | All |
| Hardware | Szuray | Uhe265-8s-1u | - | All | All | All |
| Hardware | Szuray | Uhse265-1u | - | All | All | All |
| Hardware | Szuray | Uhse265-1u | - | All | All | All |
| Hardware | Szuray | Use264-16-3u | - | All | All | All |
| Hardware | Szuray | Use264-16-3u | - | All | All | All |
| Hardware | Szuray | Use264-1l | - | All | All | All |
| Hardware | Szuray | Use264-1l | - | All | All | All |
| Hardware | Szuray | Use264-1l-1u | - | All | All | All |
| Hardware | Szuray | Use264-1l-1u | - | All | All | All |
| Hardware | Szuray | Use264-1l-mini | - | All | All | All |
| Hardware | Szuray | Use264-1l-mini | - | All | All | All |
| Hardware | Szuray | Use264-1lw | - | All | All | All |
| Hardware | Szuray | Use264-1lw | - | All | All | All |
| Hardware | Szuray | Use264-1wb-l | - | All | All | All |
| Hardware | Szuray | Use264-1wb-l | - | All | All | All |
| Hardware | Szuray | Use264-4l-1u | - | All | All | All |
| Hardware | Szuray | Use264-4l-1u | - | All | All | All |
| Hardware | Szuray | Use264-8-1u | - | All | All | All |
| Hardware | Szuray | Use264-8-1u | - | All | All | All |
| Hardware | Szuray | Use265-1-1u | - | All | All | All |
| Hardware | Szuray | Use265-1-1u | - | All | All | All |
| Hardware | Szuray | Use265-1-mini | - | All | All | All |
| Hardware | Szuray | Use265-1-mini | - | All | All | All |
| Hardware | Szuray | Use265-16l-3u | - | All | All | All |
| Hardware | Szuray | Use265-16l-3u | - | All | All | All |
| Hardware | Szuray | Use265-1l | - | All | All | All |
| Hardware | Szuray | Use265-1l | - | All | All | All |
| Hardware | Szuray | Use265-1l-1u | - | All | All | All |
| Hardware | Szuray | Use265-1l-1u | - | All | All | All |
| Hardware | Szuray | Use265-1l-mini | - | All | All | All |
| Hardware | Szuray | Use265-1l-mini | - | All | All | All |
| Hardware | Szuray | Use265-1lw | - | All | All | All |
| Hardware | Szuray | Use265-1lw | - | All | All | All |
| Hardware | Szuray | Use265-1w-mini | - | All | All | All |
| Hardware | Szuray | Use265-1w-mini | - | All | All | All |
| Hardware | Szuray | Use265-1wb-4g | - | All | All | All |
| Hardware | Szuray | Use265-1wb-4g | - | All | All | All |
| Hardware | Szuray | Use265-1wb-l | - | All | All | All |
| Hardware | Szuray | Use265-1wb-l | - | All | All | All |
| Hardware | Szuray | Use265-1wb-mini | - | All | All | All |
| Hardware | Szuray | Use265-1wb-mini | - | All | All | All |
| Hardware | Szuray | Use265-2-1u | - | All | All | All |
| Hardware | Szuray | Use265-2-1u | - | All | All | All |
| Hardware | Szuray | Use265-4-1u | - | All | All | All |
| Hardware | Szuray | Use265-4-1u | - | All | All | All |
| Hardware | Szuray | Use265-4l-1u | - | All | All | All |
| Hardware | Szuray | Use265-4l-1u | - | All | All | All |
| Hardware | Szuray | Use265-8-1u | - | All | All | All |
| Hardware | Szuray | Use265-8-1u | - | All | All | All |
| Hardware | Szuray | Uve264-1l | - | All | All | All |
| Hardware | Szuray | Uve264-1l | - | All | All | All |
| Hardware | Szuray | Uve264-1lw | - | All | All | All |
| Hardware | Szuray | Uve264-1lw | - | All | All | All |
| Hardware | Szuray | Uve265-1 | - | All | All | All |
| Hardware | Szuray | Uve265-1 | - | All | All | All |
| Hardware | Szuray | Uve265-1w | - | All | All | All |
| Hardware | Szuray | Uve265-1w | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| HiSilicon Video Encoder Malicious Firmware Code Execution ≈ Packet Storm | MISC | packetstormsecurity.com | |
| VU#896979 - IPTV encoder devices contain multiple vulnerabilities | MISC | www.kb.cert.org | Third Party Advisory, US Government Resource |
| Software vulnerabilities in HiSilicon based hardware video encoders · Alexei Kojenov | MISC | kojenov.com | Exploit, Third Party Advisory |
| HiSilicon Video Encoder Command Injection ≈ Packet Storm | MISC | packetstormsecurity.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.