GCVE - cpe:2.3:h:provideoinstruments:vecaster-4k-hevc:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:provideoinstruments:vecaster-4k-hevc:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Provideoinstruments (`f75c38e1-7b23-5b02-a597-a49af5c70fad`)
Product	Vecaster 4K Hevc (`0c0e806c-c8b7-510f-8086-ab28af121366`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-24217`	not_vulnerable	2026-06-08 05:22:32.534112	Details available An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware component, possibly in conjunction with command injection, to achieve arbitrary code execution. Published: 2020-10-06T13:05:36.000Z Updated: 2024-08-04T15:12:07.203Z Open on db.gcve.eu Reference links https://www.kb.cert.org/vuls/id/896979 https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/ http://packetstormsecurity.com/files/159599/HiSilicon-Video-Encoder-Malicious-Firmware-Code-Execution.html http://packetstormsecurity.com/files/159597/HiSilicon-Video-Encoder-Command-Injection.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-24216`	not_vulnerable	2026-06-08 05:22:32.525782	Details available An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to be private. Published: 2020-10-06T13:02:48.000Z Updated: 2024-08-04T15:12:08.336Z Open on db.gcve.eu Reference links https://www.kb.cert.org/vuls/id/896979 https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-24215`	not_vulnerable	2026-06-08 05:22:32.509706	Details available An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration (with the cleartext admin password), and uploading a custom firmware update, to ultimately achieve arbitrary code execution. Published: 2020-10-06T13:00:33.000Z Updated: 2024-08-04T15:12:08.683Z Open on db.gcve.eu Reference links https://www.kb.cert.org/vuls/id/896979 https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/ http://packetstormsecurity.com/files/159601/HiSilicon-Video-Encoder-Backdoor-Password.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-24214`	not_vulnerable	2026-06-08 05:22:32.499623	Details available An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a crafted unauthenticated RTSP request to cause a buffer overflow and application crash. The device will not be able to perform its main purpose of video encoding and streaming for up to a minute, until it automatically reboots. Attackers can send malicious requests once a minute, effectively disabling the device. Published: 2020-10-06T12:58:05.000Z Updated: 2024-08-04T15:12:08.326Z Open on db.gcve.eu Reference links https://www.kb.cert.org/vuls/id/896979 https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/ http://packetstormsecurity.com/files/159605/HiSilicon-Video-Encoder-Buffer-Overflow-Denial-Of-Service.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

ProVideoInstruments VECASTER-4K-HEVC

PURL mappings

Vulnerability references

Contribute