Vulnerability Description
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Szuray | Iptv\/H.264 Video Encoder Firmware | <= 1.97 |
| Szuray | Uaioe264-1U | - |
| Szuray | Uce264-1-Mini | - |
| Szuray | Uce264-1Wb-Mini | - |
| Szuray | Uce264-4-1U | - |
| Szuray | Uce264-8-1U | - |
| Szuray | Uhae264-16 | - |
| Szuray | Uhce264-1 | - |
| Szuray | Uhce264-16P32 | - |
| Szuray | Uhce264-1P2 | - |
| Szuray | Uhce264-1P2-1U | - |
| Szuray | Uhce264-1S | - |
| Szuray | Uhce264-1W | - |
| Szuray | Uhce264-1Ws | - |
| Szuray | Uhce264-4P8 | - |
| Szuray | Uhe264-1-4K | - |
| Szuray | Uhe264-16 | - |
| Szuray | Uhe264-16L-3U | - |
| Szuray | Uhe264-16S-2U | - |
| Szuray | Uhe264-1L | - |
Related Weaknesses (CWE)
References
- https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/ExploitThird Party Advisory
- https://www.kb.cert.org/vuls/id/896979Third Party AdvisoryUS Government Resource
- https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/ExploitThird Party Advisory
- https://www.kb.cert.org/vuls/id/896979Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2020-24218?
CVE-2020-24218 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file.
How severe is CVE-2020-24218?
CVE-2020-24218 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-24218?
Check the references section above for vendor advisories and patch information. Affected products include: Szuray Iptv\/H.264 Video Encoder Firmware, Szuray Uaioe264-1U, Szuray Uce264-1-Mini, Szuray Uce264-1Wb-Mini, Szuray Uce264-4-1U.