The vulnerabilities were discovered by researcher Alexei Kojenov. They are present in hardware IPTV H.264 and H.265 encoders based on the HiSilicon hi3520d. The vulnerabilities reside in the software running on these devices, and all of them can be exploited remotely, which can lead to leakage of sensitive information, DoS attacks, remote code execution, and full control of the device without the user finding out. Several manufacturers are affected, and there are no solutions at the software level at the moment.
8 vulnerabilities, including a back door
In total, eight vulnerabilities were discovered, with the following CVE identifiers:
Full administrative access via backdoor password (CVE-2020-24215)
Administrative root access via backdoor password (CVE-2020-24218)
Arbitrary file read via path traversal (CVE-2020-24219)
Unauthenticated file upload (CVE-2020-24217)
Arbitrary code execution by uploading malicious firmware (CVE-2020-24217)
Arbitrary code execution via command injection (CVE-2020-24217)
Denial of service via buffer overflow (CVE-2020-24214)
Unauthorized video stream access via RTSP (CVE-2020-24216)
Devices found to be vulnerable include those from the companies URayTech, J-Tech Digital and Pro Video Instruments, although more than a dozen manufacturers sell devices based on the same hardware, including Network Technologies Incorporated (NTI), Oupree, MINE Technology, Blankom, ISEEVY, Orivision, WorldKast / proceed and Digicast.
These types of devices are often used for streaming IP content over the Internet: they convert uncompressed signals to codecs such as H.264 or H.265 for distribution on platforms such as YouTube, or through protocols such as RTSP or HLS. Many of these devices have a panel that allows you to control a multitude of details, in addition to using the vulnerable HiSilicon chip. Other similar vulnerabilities have been discovered in the company’s chips in the past, such as in 2013, when it was possible to guess the administrator password. Back doors were also discovered on security cameras in February this year.
To access the device with administrator permission, Kojenov only had to recompile the firmware by changing the administrator password, and from then on he had full access to the device. We can see a video of the vulnerabilities in operation.
HiSilicon is owned by Huawei
The only solution at the moment is to run these devices over a well-protected LAN or behind a firewall. What is really serious about this issue is that, although some of the vulnerabilities seem accidental and unintended, one of them is not: the inclusion of a master password that gives full access to the device. This is a very serious type of backdoor that exposes the affected user to a complete leak of their information.
Curiously, HiSilicon is owned by Huawei, which has been accused of including back doors in its devices. HiSilicon is in charge of designing Huawei's Kirin processors, so the accusations of espionage from the United States could have some real basis, although the existence of back doors in any device manufactured by Huawei, including cell phones or antennas, has not been proven.