@vulnfan1337 vulnfan1337/vuln-hi3516
Last active May 2, 2019

Vulnerability found in HiSilicon HI3516
############### DESCRIPTION ###################
A buffer overflow vulnerability in the streaming server provided by
HiSilicon in HI3516 models allows an unauthenticated attacker to
remotely execute arbitrary code as root by sending a specially crafted
RTSP-over-HTTP packet during the authentication stage of the protocol.
############# AFFECTED PRODUCTS ###############
The vulnerability was found in many cameras using HiSilicon's
hardware and software, as demonstrated by:
TENVIS cameras 1.3.3.3, 1.2.7.2, 1.2.1.4, 7.1.20.1.2, and 13.1.1.1.7.2;
FDT FD7902 11.3.14.1.3 and 10.3.14.1.3;
FOSCAM cameras 3.2.1.1.1_0815 and 3.2.2.2.1_0815;
Dericam cameras V11.3.8.1.12.
With high probability, the vulnerability is also present in cameras
that are not listed above but still use HiSilicon's products.