Vulnerability CVE-2020-24219


Published: 2020-10-06

Description:
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with the cleartext administrative password.

See advisories in our WLB2 database:
Topic
Author
Date
High
HiSilicon Video Encoder 1.97 File Disclosure / Path Traversal
Alexei Kojenov
19.10.2020

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

 References:
https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
https://www.kb.cert.org/vuls/id/896979

Copyright 2021, cxsecurity.com

 

Back to Top