Backdoors and other vulnerabilities in HiSilicon based hardware video encoders

This article discloses critical vulnerabilities in IPTV/H.264/H.265 video encoders based on HiSilicon hi3520d hardware. The vulnerabilities exist in vendor application software running on these devices. All vulnerabilities are exploitable remotely and can lead to sensitive information exposure, denial of service, and remote code execution resulting in full takeover of the device. With multiple vendors affected, and no complete fixes at the time of the publication, these encoders should only be used on fully trusted networks behind firewalls. I hope that my detailed write-up serves as a guide for more security research in the IoT world.

The following vulnerabilities were identified:

- Full admin interface access via backdoor password (CVE-2020-24215).
- Arbitrary file disclosure via path traversal (CVE-2020-24219).
- Unauthenticated file upload (CVE-2020-24217).
- Arbitrary code execution by uploading malicious firmware.
- Arbitrary code execution via command injection.
- Buffer overflow: definite DoS and potential RCE (CVE-2020-24214).
- Unauthorized video stream access via RTSP (CVE-2020-24216).