Alexei Kojenov

**Name of the Vulnerable Software and Affected Versions** box application on HiSilicon based IPTV/H.264/H.265 video encoders (affected versions not specified) **Description** An issue in the box application allows attackers to send a crafted unauthenticated RTSP request, causing a buffer overflow and application crash. This results in the device being unable to perform video encoding and streaming for up to a minute, until it automatically reboots. Attackers can exploit this by sending malicious requests once a minute, effectively disabling the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** box application on HiSilicon based IPTV/H.264/H.265 video encoders (affected versions not specified) **Description** An issue was discovered in the box application, where attackers can use hard-coded credentials in HTTP requests to perform administrative tasks, including retrieving the device's configuration with the cleartext admin password, and uploading a custom firmware update to achieve arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** box application on HiSilicon based IPTV/H.264/H.265 video encoders (affected versions not specified) **Description** An issue in the box application allows unauthenticated attackers to view private video streams. When an administrator sets up a secret URL for RTSP streaming, the stream remains accessible via its default name, such as /0. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** URayTech IPTV/H.264/H.265 video encoders versions prior to 1.98 **Description** An issue was discovered that allows attackers to log in as root via a hard-coded password in the executable file. **Recommendations** For versions prior to 1.98, update to version 1.98 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** URayTech IPTV/H.264/H.265 video encoders versions through 1.97 **Description** An issue allows attackers to send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws. This enables retrieval of any file from the device's file system, including the configuration file containing the cleartext administrative password. **Recommendations** For versions through 1.97, update to a version that addresses the path traversal and pattern-matching programming flaws to prevent exploitation. As a temporary workaround, consider restricting access to the device's file system and limiting the use of HTTP requests until a patch is available.

**Name of the Vulnerable Software and Affected Versions** HiSilicon Hi3520D (affected versions not specified) **Description** The issue is related to the lack of authentication for a critical function in the HiSilicon Hi3520D chip set's firmware. This can be exploited by a remote attacker to cause a denial of service or execute arbitrary code. Specifically, the file-upload endpoint in the box application on HiSilicon based IPTV/H.264/H.265 video encoders does not enforce authentication, allowing attackers to send an unauthenticated HTTP request to upload a custom firmware component, which can lead to arbitrary code execution. **Recommendations** As a temporary workaround, consider disabling the file-upload functionality until a patch is available. Restrict access to the box application on HiSilicon based IPTV/H.264/H.265 video encoders to minimize the risk of exploitation. Avoid using the file-upload endpoint in the affected application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.