GCVE - cpe:2.3:o:provideoinstruments:vecaster-hd-sdi

Approved changes feed: RSS · Atom

cpe:2.3:o:provideoinstruments:vecaster-hd-sdi_firmware:-:*:*:*:*:*:*:*

part: o version: - update: *

Vendor	Provideoinstruments (`f75c38e1-7b23-5b02-a597-a49af5c70fad`)
Product	Vecaster Hd Sdi Firmware (`62a66b7e-08d5-5d8a-ab07-07ee3edc7d6d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-24217`	vulnerable	2026-06-08 05:22:32.534223	Details available An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware component, possibly in conjunction with command injection, to achieve arbitrary code execution. Published: 2020-10-06T13:05:36.000Z Updated: 2024-08-04T15:12:07.203Z Open on db.gcve.eu Reference links https://www.kb.cert.org/vuls/id/896979 https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/ http://packetstormsecurity.com/files/159599/HiSilicon-Video-Encoder-Malicious-Firmware-Code-Execution.html http://packetstormsecurity.com/files/159597/HiSilicon-Video-Encoder-Command-Injection.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-24216`	vulnerable	2026-06-08 05:22:32.525802	Details available An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to be private. Published: 2020-10-06T13:02:48.000Z Updated: 2024-08-04T15:12:08.336Z Open on db.gcve.eu Reference links https://www.kb.cert.org/vuls/id/896979 https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-24215`	vulnerable	2026-06-08 05:22:32.509824	Details available An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration (with the cleartext admin password), and uploading a custom firmware update, to ultimately achieve arbitrary code execution. Published: 2020-10-06T13:00:33.000Z Updated: 2024-08-04T15:12:08.683Z Open on db.gcve.eu Reference links https://www.kb.cert.org/vuls/id/896979 https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/ http://packetstormsecurity.com/files/159601/HiSilicon-Video-Encoder-Backdoor-Password.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-24214`	vulnerable	2026-06-08 05:22:32.500576	Details available An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a crafted unauthenticated RTSP request to cause a buffer overflow and application crash. The device will not be able to perform its main purpose of video encoding and streaming for up to a minute, until it automatically reboots. Attackers can send malicious requests once a minute, effectively disabling the device. Published: 2020-10-06T12:58:05.000Z Updated: 2024-08-04T15:12:08.326Z Open on db.gcve.eu Reference links https://www.kb.cert.org/vuls/id/896979 https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/ http://packetstormsecurity.com/files/159605/HiSilicon-Video-Encoder-Buffer-Overflow-Denial-Of-Service.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

ProVideoInstruments VECASTER-HD-SDI Firmware

PURL mappings

Vulnerability references

Contribute