{"vuid":"VU#896979","idnumber":"896979","name":"IPTV encoder devices contain multiple vulnerabilities","keywords":null,"overview":"### Overview\r\nMultiple vulnerabilities exist in various Video Over IP (Internet Protocol) encoder devices, also known as IPTV/H.264/H.265 video encoders. These vulnerabilities allow an unauthenticated remote attacker to execute arbitrary code and perform other unauthorized actions on a vulnerable system.\r\n\r\n### Description\r\nIPTV/H.264/H.265 video encoder devices provide video streaming capability over IP networks. The underlying software in these devices seems to share common components that have multiple weaknesses in their design and default configuration.\r\n\r\nThe vulnerabilities occur primarily in the network services such as web and telnet interfaces. These vulnerabilities stem from software bugs, such as insufficient validation of user input and the use of insecure credentials through hard-coded passwords (see [https://owasp.org/www-project-top-ten/](https://owasp.org/www-project-top-ten/)). The vulnerable components may also be present in other Internet of Things (IoT) devices.\r\n\r\nThese devices are manufactured using components acquired from a complex supply chain and are often sold through common outlets such as retail stores and e-commerce websites. This makes it difficult to identify impacted devices and notify the appropriate stakeholders, thus illustrating the dire need for a Software Bill of Materials ([SBOM](https://ntia.gov/SBOM/)) in this growing and complex digital market.\r\n\r\nFurther details of these vulnerabilities can be found in [this blog post](https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/) by Alexei Kojenov.\r\n\r\n### Impact\r\nThe impact of these vulnerabilities is summarized in the following list:\r\n\r\n1. Full administrative access via backdoor password (CVE-2020-24215)\r\n2. Administrative root access via backdoor password (CVE-2020-24218)\r\n3. 
Arbitrary file read via path traversal (CVE-2020-24219)\r\n4. Unauthenticated file upload (CVE-2020-24217)\r\n5. Arbitrary code execution by uploading malicious firmware (CVE-2020-24217)\r\n6. Arbitrary code execution via command injection (CVE-2020-24217)\r\n7. Denial of service via buffer overflow (CVE-2020-24214)\r\n8. Unauthorized video stream access via RTSP (CVE-2020-24216)\r\n\r\n### Solution\r\n\r\n#### Apply Updates\r\nContact your vendor. See also the Vendor Information section below.\r\n\r\n#### Restrict network access\r\nRestrict network access of these devices to a well-protected local area network (LAN) or through a firewall. Allowing direct Internet access to these devices increases the risk of compromise and potential abuse from an unauthorized remote attacker.\r\n\r\n### Acknowledgements\r\nAlexei Kojenov ([https://kojenov.com/](https://kojenov.com/)) researched and reported these vulnerabilities.\r\n\r\nThis document was written by Vijay Sarvepalli.","clean_desc":null,"impact":null,"resolution":null,"workarounds":null,"sysaffected":null,"thanks":null,"author":null,"public":["https://study.com/academy/lesson/video-over-ip-definition-characteristics.html","https://wiki.owasp.org/index.php/OWASP_Internet_of_Things_Project","https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/","https://www.huawei.com/en/psirt/security-notices/2020/huawei-sn-20200917-01-hisilicon-en","https://www.huawei.com/en/psirt/security-notices/2020/huawei-sn-20200205-01-hisilicon-en"],"cveids":["CVE-2020-24219","CVE-2020-24217","CVE-2020-24214","CVE-2020-24216","CVE-2020-24215","CVE-2020-24218"],"certadvisory":null,"uscerttechnicalalert":null,"datecreated":"2020-09-15T17:56:06.872959Z","publicdate":"2020-09-15T17:56:06.498890Z","datefirstpublished":"2020-09-15T17:56:06.893161Z","dateupdated":"2022-02-11T16:25:32.517052Z","revision":9,"vrda_d1_directreport":null,"vrda_d1_population":null,"vrda_d1_impact":null,"cam_widelyknown":null,"cam_exploitation":null,"cam_interneti
nfrastructure":null,"cam_population":null,"cam_impact":null,"cam_easeofexploitation":null,"cam_attackeraccessrequired":null,"cam_scorecurrent":null,"cam_scorecurrentwidelyknown":null,"cam_scorecurrentwidelyknownexploited":null,"ipprotocol":null,"cvss_accessvector":null,"cvss_accesscomplexity":null,"cvss_authentication":null,"cvss_confidentialityimpact":null,"cvss_integrityimpact":null,"cvss_availabilityimpact":null,"cvss_exploitablity":null,"cvss_remediationlevel":null,"cvss_reportconfidence":null,"cvss_collateraldamagepotential":null,"cvss_targetdistribution":null,"cvss_securityrequirementscr":null,"cvss_securityrequirementsir":null,"cvss_securityrequirementsar":null,"cvss_basescore":null,"cvss_basevector":null,"cvss_temporalscore":null,"cvss_environmentalscore":null,"cvss_environmentalvector":null,"metric":null,"vulnote":19}