Skip to content

Instantly share code, notes, and snippets.

@vulnfan1337
vulnfan1337 / vuln-hi3516
Last active February 1, 2021 13:43
Vulnerability found in hisilicon HI3516
############### DESCRIPTION ###################
A buffer overflow vulnerability in the streaming server provided by
hisilicon in HI3516 models allows an unauthenticated attacker to
remotely run arbitrary root code by sending a special RTSP over HTTP
packet during the authentication stage in the protocol.
############# AFFECTED PRODUCTS ###############
The vulnerability was found in many cameras using hisilicon's
hardware and software, as demonstrated by: