CVE-2020-24214

Name of the Vulnerable Software and Affected Versions box application on HiSilicon based IPTV/H.264/H.265 video encoders (affected versions not specified)

Description An issue in the box application allows attackers to send a crafted unauthenticated RTSP request, causing a buffer overflow and application crash. This results in the device being unable to perform video encoding and streaming for up to a minute, until it automatically reboots. Attackers can exploit this by sending malicious requests once a minute, effectively disabling the device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.