← voltar
CVE-2020-24214

CVE-2020-24214

EPSS 35.4%
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a crafted unauthenticated RTSP request to cause a buffer overflow and application crash. The device will not be able to perform its main purpose of video encoding and streaming for up to a minute, until it automatically reboots. Attackers can send malicious requests once a minute, effectively disabling the device.
Produtos afetados
n/a · n/a
PoCs públicas encontradas2
cve_referencepacketstormsecurity.com/files/159605/HiSilicon-Video-Encoder-Buffer-Overflow-Denial-Of-Service.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/48903não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/159605/HiSilicon-Video-Encoder-Buffer-Overflow-Denial-Of-Service.htmlhttps://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/https://www.kb.cert.org/vuls/id/896979