Simple exploit scripts for the backdoor and other vulnerabilities in video encoders based on hi3520d HiSilicon hardware:
- unauthenticated RTSP buffer overflow denial of service (CVE-2020-24214)
- full admin access via backdoor password (CVE-2020-24215)
- RCE via unauthenticated upload of malicious firmware (CVE-2020-24217)
- RCE via unauthenticated command injection (CVE-2020-24217)
- unauthenticated file disclosure via path traversal (CVE-2020-24219)
For more details, see the full writeup:
https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities
