CVE-2020-24215

Name of the Vulnerable Software and Affected Versions box application on HiSilicon based IPTV/H.264/H.265 video encoders (affected versions not specified)

Description An issue was discovered in the box application, where attackers can use hard-coded credentials in HTTP requests to perform administrative tasks, including retrieving the device's configuration with the cleartext admin password, and uploading a custom firmware update to achieve arbitrary code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.