CVE-2020-24215
An issue was discovered in the box application on HiSilicon-based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device, including retrieving the device's configuration (with the cleartext admin password) and uploading a custom firmware update, to ultimately achieve arbitrary code execution.
Affected products
n/a · n/a
Public PoCs found: 2
cve_reference: packetstormsecurity.com/files/159601/HiSilicon-Video-Encoder-Backdoor-Password.html (unverified)
exploitdb: www.exploit-db.com/exploits/48902 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.