An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a crafted unauthenticated RTSP request to cause a buffer overflow and application crash. The device will not be able to perform its main purpose of video encoding and streaming for up to a minute, until it automatically reboots. Attackers can send malicious requests once a minute, effectively disabling the device.
References
| Link | Resource |
|---|---|
| https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/ | Exploit Third Party Advisory |
| https://www.kb.cert.org/vuls/id/896979 | Third Party Advisory US Government Resource |
| http://packetstormsecurity.com/files/159605/HiSilicon-Video-Encoder-Buffer-Overflow-Denial-Of-Service.html | Exploit Third Party Advisory |
Advertisement
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Information
Published : 2020-10-06 06:15
Updated : 2020-10-20 09:28
NVD link : CVE-2020-24214
Mitre link : CVE-2020-24214
JSON object : View
CWE
Advertisement
Products Affected
szuray
- uhce264-1s
- uhe265-1s-mini
- uhe264-8l-3u
- uhe265-4s
- uhe264-16
- uhce264-1
- uhe265-1w-mini
- uhe264-8-1u
- uhe265-8-1u
- use265-1wb-4g
- uhe265-4s-1u
- uhae265-1-mini
- uhe264-16s-2u
- uhe265-1wb-4g
- use264-1l-mini
- use264-1l-1u
- uhe264-1lw
- uhe265-1
- uhe264-1wb-4g
- uhe264-8
- uhe264-8s-2u
- use265-1-1u
- use265-1l
- uhe265-1-mini
- use265-1wb-l
- uce264-1-mini
- uhe265-1w-4k
- uhe264-1wbs-mini
- uve265-1
- use265-8-1u
- uhe265-1-4k
- use265-1l-mini
- uve264-1l
- uhe265-1-1u
- uhe265-2-1u
- uce264-4-1u
- uve264-1lw
- uhe265-1l
- uhe264-1w-mini
- uhe264-4
- uhce264-16p32
- use265-1wb-mini
- use265-16l-3u
- use264-8-1u
- use265-2-1u
- uhe264-1s
- uhe264-2-1u
- uhae265-1wb-mini
- uce264-8-1u
- use264-16-3u
- uhe264-1l-4k
- uve265-1w
- uhe264-16l-3u
- uaioe265-1u
- uhe264-1s-mini
- uhae264-16
- uhce264-4p8
- use264-1lw
- uhe265-1wb-mini
- uhe264-1wbs-2b
- uhe264-1-4k
- use265-1lw
- uhe264-1ws-mini
- use264-1l
- uhae265-4-1u
- uhce264-1ws
- iptv\/h.264_video_encoder_firmware
- uhce264-1w
- uhe265-1lw
- use265-1w-mini
- uhce264-1p2
- use265-4-1u
- uhe265-16-3u
- use265-4l-1u
- iptv\/h.265_video_encoder_firmware
- uhe264-4l-1u
- use264-4l-1u
- uhse265-1u
- uhe264-1wb-mini
- uhe265-16l-3u
- uhe265-8s-1u
- uce264-1wb-mini
- uhe264-1l
- use265-1-mini
- uhe264-4-1u
- uhe265-8l-3u
- uhe265-1s-4k
- uhe265-1w
- uhce264-1p2-1u
- use265-1l-1u
- use264-1wb-l
- uaioe264-1u
- uhe265-4
- uhe265-1wbs-mini
- uhe265-4-1u
provideoinstruments
- vecaster-hd-h264
- vecaster-4k-hevc
- vecaster-4k-hevc_firmware
- vecaster-hd-h264_firmware
- vecaster-hd-hevc_firmware
- vecaster-hd-sdi_firmware
- vecaster-hd-sdi
- vecaster-hd-hevc
jtechdigital
- h.264_iptv_encoder_1080p\@60hz_firmware
- h.264_iptv_encoder_1080p\@60hz