cbcvebase.
CVE-2020-24215
published 2020-10-06

CVE-2020-24215: An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to…

PriorityP277critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
18.99%
97.0th percentile
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration (with the cleartext admin password), and uploading a custom firmware update, to ultimately achieve arbitrary code execution.

Detection & IOCsextracted from sources · hover to see the quote

otheradmin:neworange88888888
url/get_sys
commandcurl -s --user admin:neworange88888888 http://$1/get_sys
  • Detect HTTP requests to /get_sys endpoint using hardcoded credentials admin:neworange88888888 (Basic Auth header value: YWRtaW46bmV3b3JhbmdlODg4ODg4ODg=)
  • Monitor for HTTP GET requests to /get_sys on HiSilicon-based IPTV/H.264/H.265 video encoder devices, which may indicate credential harvesting or reconnaissance
  • Alert on firmware upload requests to HiSilicon-based encoder admin interfaces authenticated with the backdoor credential admin:neworange88888888, as this can lead to arbitrary code execution
  • ·The backdoor password 'neworange88888888' is hardcoded in the box application on HiSilicon-based devices; it is not vendor-specific and affects multiple vendors including URayTech, J-Tech Digital, and ProVideoInstruments
  • ·The exploit retrieves the actual admin password in cleartext from the /get_sys endpoint, meaning the real admin password may differ per device but is exposed via this backdoor
  • ·Version is described as vendor-specific; no single firmware version string is provided, making version-based detection unreliable across affected devices

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.