IPTV encoder devices contain multiple vulnerabilities
by CIRT Team
Multiple vulnerabilities exist in various Video Over IP (Internet Protocol) encoder devices, also known as IPTV/H.264/H.265 video encoders. These vulnerabilities allow an unauthenticated remote attacker to execute arbitrary code and perform other unauthorized actions on a vulnerable system.
• Full administrative access via backdoor password (CVE-2020-24215)
• Administrative root access via backdoor password (CVE-2020-24218)
• Arbitrary file read via path traversal (CVE-2020-24219)
• Unauthenticated file upload (CVE-2020-24217)
• Arbitrary code execution by uploading malicious firmware (CVE-2020-24217)
• Arbitrary code execution via command injection (CVE-2020-24217)
• Denial of service via buffer overflow (CVE-2020-24214)
• Unauthorized video stream access via RTSP (CVE-2020-24216)
• J-Tech Digital
• Provideo Instruments Inc.
26 Oct 2023 - Security Advisories & Alerts