CVE-2020-24214
📋 TL;DR
This vulnerability allows unauthenticated attackers to send crafted RTSP requests to HiSilicon-based video encoders, causing a buffer overflow that crashes the application. The device becomes unable to encode or stream video for up to a minute until it automatically reboots, effectively disabling it if attacks are repeated. Organizations using affected HiSilicon IPTV/H.264/H.265 video encoders are at risk.
💻 Affected Systems
- HiSilicon-based IPTV/H.264/H.265 video encoders
📦 What is this software?
- H.264 Iptv Encoder 1080p@60hz Firmware by Jtechdigital
- Iptv/h.264 Video Encoder Firmware by Szuray
- Iptv/h.265 Video Encoder Firmware by Szuray
- Vecaster 4k Hevc Firmware by Provideoinstruments
- Vecaster Hd H264 Firmware by Provideoinstruments
- Vecaster Hd Hevc Firmware by Provideoinstruments
- Vecaster Hd Sdi Firmware by Provideoinstruments
⚠️ Risk & Real-World Impact
Worst Case
Attackers can send malicious requests once per minute to perpetually disable video encoding and streaming capabilities, creating sustained denial of service for surveillance, broadcasting, or monitoring systems.
Likely Case
Attackers exploit this to cause repeated device crashes and reboots, disrupting video services for extended periods and potentially creating security blind spots.
If Mitigated
With proper network segmentation and access controls, impact is limited to isolated network segments with minimal service disruption.
🎯 Exploit Status
Exploit code is publicly available on Packet Storm Security and other sources. Attack requires only network access to RTSP port (typically 554).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: No official vendor advisory found
Restart Required: No
Instructions:
No official patch available. Check with device manufacturer for firmware updates. Consider replacing affected devices with patched versions if available.
🔧 Temporary Workarounds
Network Segmentation and Access Control
Platform: linux
Restrict RTSP port (typically 554) access to trusted networks only using firewall rules
iptables -A INPUT -p tcp --dport 554 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 554 -j DROP
RTSP Service Disablement
Platform: all
Disable RTSP service if not required for device functionality
Check device configuration interface for RTSP service toggle
🧯 If You Can't Patch
- Isolate affected devices in separate VLAN with strict access controls
- Implement network monitoring for abnormal RTSP traffic patterns
🔍 How to Verify
Check if Vulnerable:
Test by sending a crafted RTSP request to port 554 and observing whether the device crashes or reboots. Use public PoC scripts with caution, in a test environment only.
Check Version:
Check device web interface or console for firmware version. Command varies by manufacturer.
Verify Fix Applied:
After applying workarounds, test that RTSP service is either inaccessible from untrusted networks or disabled entirely.
📡 Detection & Monitoring
Log Indicators:
- Device reboot logs
- Application crash logs
- Abnormal RTSP connection attempts
Network Indicators:
- Malformed RTSP packets to port 554
- Repeated connection attempts to RTSP service
- Traffic patterns matching known exploit signatures
SIEM Query:
(dest_port=554 AND payload_contains="RTSP" AND payload_size>threshold) OR device_reboot_event
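The log and network indicators above can be combined: an untrusted source that connects to the RTSP port shortly before a device reboots, more than once, matches the repeated crash-and-reboot pattern described for this CVE. The following Python is an added example, not code from the referenced advisories; the log format, device names, addresses, trusted range and 90-second window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample events (not from a real device). Assumed line format:
# "<ISO time> <device> rtsp_conn <src_ip>"  or  "<ISO time> <device> reboot"
SAMPLE_LOG = """\
2020-09-20T10:00:05 enc-01 rtsp_conn 10.20.0.15
2020-09-20T10:00:40 enc-01 rtsp_conn 198.51.100.7
2020-09-20T10:01:10 enc-01 reboot
2020-09-20T10:02:15 enc-01 rtsp_conn 198.51.100.7
2020-09-20T10:02:50 enc-01 reboot
2020-09-20T10:30:00 enc-02 rtsp_conn 10.20.0.15
2020-09-20T11:00:00 enc-02 reboot
"""

def parse(log):
    """Yield (timestamp, device, kind, src_or_None) from the assumed format."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or truncated lines
        src = ip_address(parts[3]) if len(parts) > 3 else None
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2], src

def suspects(log, trusted=("10.20.0.0/24",), window_s=90, min_hits=2):
    """Return {src_ip: reboot_count} for untrusted sources that connected to
    RTSP within window_s seconds before at least min_hits reboots."""
    nets = [ip_network(n) for n in trusted]
    recent = defaultdict(list)  # device -> [(time, src)] untrusted RTSP connections
    hits = defaultdict(int)     # src -> number of reboots it preceded
    for ts, dev, kind, src in sorted(parse(log), key=lambda e: e[0]):
        untrusted = src is not None and not any(src in n for n in nets)
        if kind == "rtsp_conn" and untrusted:
            recent[dev].append((ts, src))
        elif kind == "reboot":
            cutoff = ts - timedelta(seconds=window_s)
            # Count each source once per reboot, however many times it connected.
            for s in {s for t, s in recent[dev] if t >= cutoff}:
                hits[str(s)] += 1
            recent[dev].clear()
    return {s: n for s, n in hits.items() if n >= min_hits}

if __name__ == "__main__":
    print(suspects(SAMPLE_LOG))
```

A single reboot after a trusted connection, as on enc-02 in the sample, is not reported; only untrusted sources that precede repeated reboots are.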
🔗 References
- http://packetstormsecurity.com/files/159605/HiSilicon-Video-Encoder-Buffer-Overflow-Denial-Of-Service.html
- https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
- https://www.kb.cert.org/vuls/id/896979