An issue exists in the box application on HiSilicon-based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device, including retrieving the device's configuration (with the cleartext admin password) and uploading a custom firmware update, to ultimately achieve arbitrary code execution.
Vulnerable Product |
---|
szuray iptv/h.264 video encoder firmware - |
szuray iptv/h.265 video encoder firmware - |
jtechdigital h.264 iptv encoder 1080p@60hz firmware - |
provideoinstruments vecaster-hd-h264 firmware - |
provideoinstruments vecaster-hd-hevc firmware - |
provideoinstruments vecaster-4k-hevc firmware - |
provideoinstruments vecaster-hd-sdi firmware - |
Telecom kit maker points finger in the general direction of Middle Kingdom's complicated supply chain
Hardware video encoders from multiple suppliers contain several critical security bugs that allow a remote unauthenticated miscreant to run arbitrary code on the equipment. In a disclosure published this week, Alexei Kojenov, lead product security engineer at Salesforce, outlined a series of flaws affecting IPTV/H.264/H.265 video encoders powered by the hi3520d chipset from Huawei's HiSilicon subsidiary. The security holes are present in software, whose developer is unknown, that runs on top of ...