2020-10-06 13:00:33
mitre
PUBLISHED
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the devices configuration (with the cleartext admin password), and uploading a custom firmware update, to ultimately achieve arbitrary code execution.