Salesforce security engineer Alexei Kojenov outlines a series of flaws affecting video encoders powered by the hi3520d chipset from Huawei’s HiSilicon subsidiary. The critical flaws include: an administrative interface with a backdoor password (CVE-2020-24215) and root access via telnet. The vulnerabilities are exploitable remotely and can lead to sensitive information exposure, denial of service, and remote code execution resulting in full takeover of the device. Huawei says all the vulnerabilities mentioned in the report reside in the application layer provided by the equipment vendors.
Source: https://www.theregister.com/2020/09/17/huawei_iptv_video_encoder_security/