CVE-2020-24219
published 2020-10-06CVE-2020-24219: An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path…
PriorityP180high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
22.97%
97.5th percentile
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with the cleartext administrative password.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| szuray | iptv_h.264_video_encoder_firmware | <= 1.97 | — |
| szuray | iptv_h.265_video_encoder_firmware | <= 1.97 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated HTTP GET requests containing path traversal sequences targeting the specific intermediate path segment '13070000.jpgd' combined with '../' sequences, which is the fixed traversal gadget used in this exploit. ↗
- →Alert on HTTP requests to URayTech/HiSilicon encoder devices that include '/sys/devices/media/13070000.jpgd' in the URI path, as this is the traversal anchor string unique to this exploit. ↗
- →Monitor for unauthenticated HTTP requests retrieving '/box/box.ini', which contains the cleartext administrative password on affected devices. ↗
- →The exploit requires curl's --path-as-is flag to prevent the HTTP client from normalizing the traversal sequences before sending; detect raw un-normalized '../' sequences in HTTP request URIs to these devices. ↗
- ·Affected firmware versions are up to and including 1.97; devices running version 1.97 or below should be treated as vulnerable. ↗
- ·The vulnerability is exploitable without any authentication; no credentials are required to retrieve arbitrary files including the admin password config file. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:C/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2vjf-4p28-j7qj: An issue was discovered on URayTech IPTV/H
ghsa_unreviewed·2022-05-24
CVE-2020-24219 [HIGH] CWE-22 GHSA-2vjf-4p28-j7qj: An issue was discovered on URayTech IPTV/H
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with the cleartext administrative password.
VulnCheck
szuray iptv\/h.264_video_encoder_firmware Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2020·CVSS 7.5
CVE-2020-24219 [HIGH] szuray iptv\/h.264_video_encoder_firmware Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
szuray iptv\/h.264_video_encoder_firmware Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with the cleartext administrative password.
Affected: szuray iptv\/h.264_video_encoder_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2026-02-04&host_type=src&vuln
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/159595/HiSilicon-Video-Encoder-1.97-File-Disclosure-Path-Traversal.htmlhttps://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/https://www.kb.cert.org/vuls/id/896979http://packetstormsecurity.com/files/159595/HiSilicon-Video-Encoder-1.97-File-Disclosure-Path-Traversal.htmlhttps://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/https://www.kb.cert.org/vuls/id/896979
2020-10-06
Published
Exploited in the wild