← back
CVE-2020-24219

CVE-2020-24219

EPSS 23.0%
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with the cleartext administrative password.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/159595/HiSilicon-Video-Encoder-1.97-File-Disclosure-Path-Traversal.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48899unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/159595/HiSilicon-Video-Encoder-1.97-File-Disclosure-Path-Traversal.htmlhttps://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/https://www.kb.cert.org/vuls/id/896979