1. Home
  2. CVE Database
  3. CVE-2020-24216
HIGH · 7.5

CVE-2020-24216

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via ...

Vulnerability Description

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to be private.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
SzurayIptv\/H.264 Video Encoder Firmware-
SzurayUaioe264-1U-
SzurayUce264-1-Mini-
SzurayUce264-1Wb-Mini-
SzurayUce264-4-1U-
SzurayUce264-8-1U-
SzurayUhae264-16-
SzurayUhce264-1-
SzurayUhce264-16P32-
SzurayUhce264-1P2-
SzurayUhce264-1P2-1U-
SzurayUhce264-1S-
SzurayUhce264-1W-
SzurayUhce264-1Ws-
SzurayUhce264-4P8-
SzurayUhe264-1-4K-
SzurayUhe264-16-
SzurayUhe264-16L-3U-
SzurayUhe264-16S-2U-
SzurayUhe264-1L-

References

FAQ

What is CVE-2020-24216?

CVE-2020-24216 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via ...

How severe is CVE-2020-24216?

CVE-2020-24216 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-24216?

Check the references section above for vendor advisories and patch information. Affected products include: Szuray Iptv\/H.264 Video Encoder Firmware, Szuray Uaioe264-1U, Szuray Uce264-1-Mini, Szuray Uce264-1Wb-Mini, Szuray Uce264-4-1U.