An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to be private.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00712.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a n/a affected
Version Status Constraints
n/a affected

Configuration 1 [-]

AND
cpe:2.3:o:szuray:iptv\/h.264_video_encoder_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:szuray:uaioe264-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uce264-1-mini:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uce264-1wb-mini:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uce264-4-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uce264-8-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhae264-16:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhce264-1:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhce264-16p32:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhce264-1p2:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhce264-1p2-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhce264-1s:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhce264-1w:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhce264-1ws:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhce264-4p8:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-1-4k:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-16:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-16l-3u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-16s-2u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-1l:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-1l-4k:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-1lw:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-1s:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-1s-mini:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-1w-mini:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-1wb-4g:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-1wb-mini:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-1wbs-2b:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-1wbs-mini:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-1ws-mini:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-2-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-4:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-4-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-4l-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-8:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-8-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-8l-3u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe264-8s-2u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use264-16-3u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use264-1l:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use264-1l-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use264-1l-mini:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use264-1lw:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use264-1wb-l:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use264-4l-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use264-8-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uve264-1l:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uve264-1lw:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:szuray:iptv\/h.265_video_encoder_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:szuray:uaioe265-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhae265-1-mini:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhae265-1wb-mini:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhae265-4-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-1:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-1-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-1-4k:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-1-mini:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-16-3u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-16l-3u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-1l:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-1lw:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-1s-4k:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-1s-mini:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-1w:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-1w-4k:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-1w-mini:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-1wb-4g:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-1wb-mini:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-1wbs-mini:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-2-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-4:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-4-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-4s:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-4s-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-8-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-8l-3u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhe265-8s-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uhse265-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use265-1-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use265-1-mini:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use265-16l-3u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use265-1l:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use265-1l-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use265-1l-mini:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use265-1lw:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use265-1w-mini:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use265-1wb-4g:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use265-1wb-l:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use265-1wb-mini:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use265-2-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use265-4-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use265-4l-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:use265-8-1u:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uve265-1:-:*:*:*:*:*:*:*
cpe:2.3:h:szuray:uve265-1w:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:jtechdigital:h.264_iptv_encoder_1080p\@60hz_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:jtechdigital:h.264_iptv_encoder_1080p\@60hz:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:provideoinstruments:vecaster-hd-h264_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:provideoinstruments:vecaster-hd-h264:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:provideoinstruments:vecaster-hd-hevc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:provideoinstruments:vecaster-hd-hevc:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:provideoinstruments:vecaster-4k-hevc_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:provideoinstruments:vecaster-4k-hevc:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:provideoinstruments:vecaster-hd-sdi_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:provideoinstruments:vecaster-hd-sdi:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Jtechdigital Subscribe
H.264 Iptv Encoder 1080p\@60hz Subscribe
H.264 Iptv Encoder 1080p\@60hz Firmware Subscribe
Provideoinstruments Subscribe
Vecaster-4k-hevc Subscribe
Vecaster-4k-hevc Firmware Subscribe
Vecaster-hd-h264 Subscribe
Vecaster-hd-h264 Firmware Subscribe
Vecaster-hd-hevc Subscribe
Vecaster-hd-hevc Firmware Subscribe
Vecaster-hd-sdi Subscribe
Vecaster-hd-sdi Firmware Subscribe
Szuray Subscribe
Iptv\/h.264 Video Encoder Firmware Subscribe
Iptv\/h.265 Video Encoder Firmware Subscribe
Uaioe264-1u Subscribe
Uaioe265-1u Subscribe
Uce264-1-mini Subscribe
Uce264-1wb-mini Subscribe
Uce264-4-1u Subscribe
Uce264-8-1u Subscribe
Uhae264-16 Subscribe
Uhae265-1-mini Subscribe
Uhae265-1wb-mini Subscribe
Uhae265-4-1u Subscribe
Uhce264-1 Subscribe
Uhce264-16p32 Subscribe
Uhce264-1p2 Subscribe
Uhce264-1p2-1u Subscribe
Uhce264-1s Subscribe
Uhce264-1w Subscribe
Uhce264-1ws Subscribe
Uhce264-4p8 Subscribe
Uhe264-1-4k Subscribe
Uhe264-16 Subscribe
Uhe264-16l-3u Subscribe
Uhe264-16s-2u Subscribe
Uhe264-1l Subscribe
Uhe264-1l-4k Subscribe
Uhe264-1lw Subscribe
Uhe264-1s Subscribe
Uhe264-1s-mini Subscribe
Uhe264-1w-mini Subscribe
Uhe264-1wb-4g Subscribe
Uhe264-1wb-mini Subscribe
Uhe264-1wbs-2b Subscribe
Uhe264-1wbs-mini Subscribe
Uhe264-1ws-mini Subscribe
Uhe264-2-1u Subscribe
Uhe264-4 Subscribe
Uhe264-4-1u Subscribe
Uhe264-4l-1u Subscribe
Uhe264-8 Subscribe
Uhe264-8-1u Subscribe
Uhe264-8l-3u Subscribe
Uhe264-8s-2u Subscribe
Uhe265-1 Subscribe
Uhe265-1-1u Subscribe
Uhe265-1-4k Subscribe
Uhe265-1-mini Subscribe
Uhe265-16-3u Subscribe
Uhe265-16l-3u Subscribe
Uhe265-1l Subscribe
Uhe265-1lw Subscribe
Uhe265-1s-4k Subscribe
Uhe265-1s-mini Subscribe
Uhe265-1w Subscribe
Uhe265-1w-4k Subscribe
Uhe265-1w-mini Subscribe
Uhe265-1wb-4g Subscribe
Uhe265-1wb-mini Subscribe
Uhe265-1wbs-mini Subscribe
Uhe265-2-1u Subscribe
Uhe265-4 Subscribe
Uhe265-4-1u Subscribe
Uhe265-4s Subscribe
Uhe265-4s-1u Subscribe
Uhe265-8-1u Subscribe
Uhe265-8l-3u Subscribe
Uhe265-8s-1u Subscribe
Uhse265-1u Subscribe
Use264-16-3u Subscribe
Use264-1l Subscribe
Use264-1l-1u Subscribe
Use264-1l-mini Subscribe
Use264-1lw Subscribe
Use264-1wb-l Subscribe
Use264-4l-1u Subscribe
Use264-8-1u Subscribe
Use265-1-1u Subscribe
Use265-1-mini Subscribe
Use265-16l-3u Subscribe
Use265-1l Subscribe
Use265-1l-1u Subscribe
Use265-1l-mini Subscribe
Use265-1lw Subscribe
Use265-1w-mini Subscribe
Use265-1wb-4g Subscribe
Use265-1wb-l Subscribe
Use265-1wb-mini Subscribe
Use265-2-1u Subscribe
Use265-4-1u Subscribe
Use265-4l-1u Subscribe
Use265-8-1u Subscribe
Uve264-1l Subscribe
Uve264-1lw Subscribe
Uve265-1 Subscribe
Uve265-1w Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2020-16951 An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to be private.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/ cve-icon cve-icon
https://www.kb.cert.org/vuls/id/896979 cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T15:12:08.336Z

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-24216

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-10-06T14:15:12.277

Modified: 2024-11-21T05:14:30.603

Link: CVE-2020-24216

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses