Podatność CVE-2020-24219


Publikacja: 2020-10-06

Opis:
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with the cleartext administrative password.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
High
HiSilicon Video Encoder 1.97 File Disclosure / Path Traversal
Alexei Kojenov
19.10.2020

Typ:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

 Referencje:
https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
https://www.kb.cert.org/vuls/id/896979

Copyright 2022, cxsecurity.com

 

Back to Top