Critical severity9.8NVD Advisory· Published Oct 6, 2020· Updated Jun 17, 2026
CVE-2020-24217
CVE-2020-24217
Description
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware component, possibly in conjunction with command injection, to achieve arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- HiSilicon/IPTV/H.264/H.265 video encodersdescription
Patches
Vulnerability mechanics
References
4- packetstormsecurity.com/files/159597/HiSilicon-Video-Encoder-Command-Injection.htmlnvdExploitThird Party AdvisoryVDB Entry
- packetstormsecurity.com/files/159599/HiSilicon-Video-Encoder-Malicious-Firmware-Code-Execution.htmlnvdExploitThird Party AdvisoryVDB Entry
- kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/nvdExploitThird Party Advisory
- www.kb.cert.org/vuls/id/896979nvdThird Party AdvisoryUS Government Resource
News mentions
0No linked articles in our index yet.