URayTech UVE264-1L
Approved changes feed: RSS · Atom
cpe:2.3:h:szuray:uve264-1l:-:*:*:*:*:*:*:*
part: h version: - update: *
| Vendor | Szuray (9262d201-71ec-5c19-9413-29a5d3472941) |
|---|---|
| Product | Uve264 1L (561e638e-7097-5bf8-bbd1-f7e32fb581f5) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-24219 |
not_vulnerable | 2026-06-03 14:42:06.103221 |
Details available
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with the cleartext administrative password.
Published: 2020-10-06T13:16:05.000Z
Updated: 2024-08-04T15:12:07.227Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-24218 |
not_vulnerable | 2026-06-03 14:42:06.095609 |
Details available
An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file.
Published: 2020-10-06T13:10:17.000Z
Updated: 2024-08-04T15:12:08.589Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-24217 |
not_vulnerable | 2026-06-03 14:42:06.065580 |
Details available
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware component, possibly in conjunction with command injection, to achieve arbitrary code execution.
Published: 2020-10-06T13:05:36.000Z
Updated: 2024-08-04T15:12:07.203Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-24216 |
not_vulnerable | 2026-06-03 14:42:06.062551 |
Details available
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to be private.
Published: 2020-10-06T13:02:48.000Z
Updated: 2024-08-04T15:12:08.336Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-24215 |
not_vulnerable | 2026-06-03 14:42:06.059761 |
Details available
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration (with the cleartext admin password), and uploading a custom firmware update, to ultimately achieve arbitrary code execution.
Published: 2020-10-06T13:00:33.000Z
Updated: 2024-08-04T15:12:08.683Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-24214 |
not_vulnerable | 2026-06-03 14:42:06.028848 |
Details available
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a crafted unauthenticated RTSP request to cause a buffer overflow and application crash. The device will not be able to perform its main purpose of video encoding and streaming for up to a minute, until it automatically reboots. Attackers can send malicious requests once a minute, effectively disabling the device.
Published: 2020-10-06T12:58:05.000Z
Updated: 2024-08-04T15:12:08.326Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.