CVE-2020-24214
Published 2020-10-06
Priority P271 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 35.39% (98.2th percentile)
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a crafted unauthenticated RTSP request to cause a buffer overflow and application crash. The device will not be able to perform its main purpose of video encoding and streaming for up to a minute, until it automatically reboots. Attackers can send malicious requests once a minute, effectively disabling the device.
Detection & IOCs (extracted from sources)
- Detect oversized RTSP CSeq header values (e.g., 3000+ repeated characters) sent to RTSP servers on HiSilicon-based encoders; a legitimate CSeq is a small integer, not a multi-kilobyte string.
- Alert on unauthenticated RTSP OPTIONS requests containing an abnormally large CSeq header field, which is the exploit delivery mechanism for this buffer overflow.
- Monitor HiSilicon-based IPTV/H.264/H.265 video encoder devices for unexpected reboots or loss of RTSP service approximately every 60 seconds, which may indicate repeated exploitation.
- The exploit uses plain TCP (telnet) to deliver the malformed RTSP payload; inspect raw TCP streams to the RTSP port for OPTIONS requests with CSeq values exceeding normal length bounds.
- The exploit port is user-supplied and not hardcoded; the RTSP service may run on a non-standard port. Detection rules should not be limited to port 554 alone.
- This vulnerability affects multiple vendors' devices built on HiSilicon hardware (URayTech, J-Tech Digital, ProVideoInstruments); the 'box' application is vendor-specific, so version fingerprinting will vary by vendor.
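
One way to implement the CSeq length check above over reassembled client-to-server TCP payloads, as an added example that is not part of the original page or any vendor tooling. The function names, the MAX_CSEQ_LEN bound of ten digits and the sample traffic are assumptions constructed for illustration.

```python
import re

# Assumption: ten digits is a generous bound for a legitimate CSeq, which is a
# small decimal integer. MAX_CSEQ_LEN and all function names are hypothetical.
MAX_CSEQ_LEN = 10
REQUEST_LINE = re.compile(rb"^([A-Z_]+) \S+ RTSP/\d\.\d$")


def inspect_rtsp_request(payload: bytes):
    """Return a finding dict if the request carries an abnormal CSeq, else None."""
    lines = re.split(rb"\r?\n", payload)
    match = REQUEST_LINE.match(lines[0].strip())
    if not match:
        return None                      # not an RTSP request line
    cseq, authenticated = None, False
    for raw in lines[1:]:
        if not raw.strip():
            break                        # blank line ends the header block
        name, sep, value = raw.partition(b":")
        if not sep:
            continue
        name = name.strip().lower()      # header names are case-insensitive
        if name == b"cseq":
            cseq = value.strip()
        elif name == b"authorization":
            authenticated = True
    if cseq is None or (cseq.isdigit() and len(cseq) <= MAX_CSEQ_LEN):
        return None
    return {"method": match.group(1).decode(), "cseq_len": len(cseq),
            "authenticated": authenticated}


def scan(flows):
    """flows: iterable of (dst_port, payload). Port is reported, never filtered on."""
    alerts = []
    for port, payload in flows:
        finding = inspect_rtsp_request(payload)
        if finding:
            alerts.append({"dst_port": port, **finding})
    return alerts


# Constructed sample traffic (not captured from a real device).
SAMPLE_FLOWS = [
    (554, b"OPTIONS rtsp://192.0.2.10/0 RTSP/1.0\r\nCSeq: 1\r\n\r\n"),
    (8554, b"OPTIONS / RTSP/1.0\r\nCSeq: " + b"A" * 3000 + b"\r\n\r\n"),
    (80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_FLOWS):
        print(alert)
```

The check keys on the RTSP request line instead of the destination port, so the constructed request on port 8554 is flagged while the normal request on 554 and the HTTP request are not.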
CVSS provenance
nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
References
http://packetstormsecurity.com/files/159605/HiSilicon-Video-Encoder-Buffer-Overflow-Denial-Of-Service.html
https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
https://www.kb.cert.org/vuls/id/896979