Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Szuray Subscribe
Filtered by product Uaioe264-1u
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-24219 1 Szuray 95 Iptv\/h.264 Video Encoder Firmware, Iptv\/h.265 Video Encoder Firmware, Uaioe264-1u and 92 more 2022-01-06 7.8 HIGH 7.5 HIGH
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with the cleartext administrative password.
CVE-2020-24217 3 Jtechdigital, Provideoinstruments, Szuray 105 H.264 Iptv Encoder 1080p\@60hz, H.264 Iptv Encoder 1080p\@60hz Firmware, Vecaster-4k-hevc and 102 more 2022-01-01 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware component, possibly in conjunction with command injection, to achieve arbitrary code execution.
CVE-2020-24214 3 Jtechdigital, Provideoinstruments, Szuray 105 H.264 Iptv Encoder 1080p\@60hz, H.264 Iptv Encoder 1080p\@60hz Firmware, Vecaster-4k-hevc and 102 more 2020-10-20 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a crafted unauthenticated RTSP request to cause a buffer overflow and application crash. The device will not be able to perform its main purpose of video encoding and streaming for up to a minute, until it automatically reboots. Attackers can send malicious requests once a minute, effectively disabling the device.
CVE-2020-24215 3 Jtechdigital, Provideoinstruments, Szuray 105 H.264 Iptv Encoder 1080p\@60hz, H.264 Iptv Encoder 1080p\@60hz Firmware, Vecaster-4k-hevc and 102 more 2020-10-20 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration (with the cleartext admin password), and uploading a custom firmware update, to ultimately achieve arbitrary code execution.
CVE-2020-24216 3 Jtechdigital, Provideoinstruments, Szuray 105 H.264 Iptv Encoder 1080p\@60hz, H.264 Iptv Encoder 1080p\@60hz Firmware, Vecaster-4k-hevc and 102 more 2020-10-19 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to be private.
CVE-2020-24218 1 Szuray 95 Iptv\/h.264 Video Encoder Firmware, Iptv\/h.265 Video Encoder Firmware, Uaioe264-1u and 92 more 2020-10-19 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file.