CVE-2019-11560 : What You Need to Know

Discover the critical security vulnerability in Hisilicon's streaming server in HI3516 models allowing remote code execution. Learn about affected cameras and mitigation steps.

A security vulnerability has been discovered in the streaming server provided by Hisilicon in HI3516 models, allowing remote code execution by unauthenticated attackers through a specific RTSP over HTTP packet. This vulnerability affects various cameras using Hisilicon's hardware and software, including TENVIS, FDT FD7902, FOSCAM, and Dericam.

Understanding CVE-2019-11560

This CVE identifies a critical security flaw in Hisilicon's streaming server that poses a significant risk to affected devices.

What is CVE-2019-11560?

The vulnerability in the Hisilicon streaming server in HI3516 models enables attackers without authentication to execute arbitrary code remotely by sending a particular RTSP over HTTP packet.

The Impact of CVE-2019-11560

The vulnerability affects numerous cameras utilizing Hisilicon's hardware and software, such as TENVIS, FDT FD7902, FOSCAM, and Dericam, potentially exposing them to unauthorized remote code execution.

Technical Details of CVE-2019-11560

This section delves into the specific technical aspects of the vulnerability.

Vulnerability Description

A buffer overflow vulnerability in the Hisilicon streaming server in HI3516 models allows unauthenticated attackers to run arbitrary code remotely by exploiting a special RTSP over HTTP packet.

Affected Systems and Versions

        TENVIS cameras with versions 1.3.3.3, 1.2.7.2, 1.2.1.4, 7.1.20.1.2, and 13.1.1.1.7.2
        FDT FD7902 cameras with versions 11.3.14.1.3 and 10.3.14.1.3
        FOSCAM cameras with versions 3.2.1.1.1_0815 and 3.2.2.2.1_0815
        Dericam cameras with version V11.3.8.1.12

Exploitation Mechanism

The vulnerability can be exploited by sending a specific RTSP over HTTP packet to the affected devices, triggering a buffer overflow and allowing the execution of arbitrary code.

Mitigation and Prevention

To address and prevent the exploitation of CVE-2019-11560, the following steps are recommended:

Immediate Steps to Take

        Disable remote access to the affected devices if not required
        Implement network segmentation to isolate vulnerable devices
        Monitor network traffic for any suspicious activity
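
One way to combine the segmentation and monitoring steps above, as an added example that is not part of the original advisory: flag RTSP-over-HTTP tunnel requests that reach a camera from outside the management subnet. The subnets, sample flows and function names are assumptions. The advisory does not describe the malicious packet, so this detects exposure of the tunnel endpoint (the application/x-rtsp-tunnelled media type), not the exploit itself.

```python
import ipaddress

# Assumptions (not from the advisory): camera VLAN and the only subnet allowed to reach it.
CAMERA_NET = ipaddress.ip_network("10.20.30.0/24")
ALLOWED_SRC = ipaddress.ip_network("10.20.0.0/24")
TUNNEL_TYPE = "application/x-rtsp-tunnelled"  # media type used by RTSP-over-HTTP tunnelling

def parse_head(raw: bytes):
    """Split a raw HTTP request head into (method, target, lower-cased header dict)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None  # not an HTTP request line
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers

def is_rtsp_tunnel(method, headers):
    """True for the GET (Accept) or POST (Content-Type) half of an RTSP-over-HTTP tunnel."""
    field = {"GET": "accept", "POST": "content-type"}.get(method)
    return field is not None and TUNNEL_TYPE in headers.get(field, "").lower()

def alerts(flows):
    """Yield (src, dst, method) for tunnel requests reaching cameras from outside ALLOWED_SRC."""
    for src, dst, raw in flows:
        parsed = parse_head(raw)
        if parsed is None or ipaddress.ip_address(dst) not in CAMERA_NET:
            continue
        method, _target, headers = parsed
        if is_rtsp_tunnel(method, headers) and ipaddress.ip_address(src) not in ALLOWED_SRC:
            yield src, dst, method

# Constructed sample flows: (source IP, destination IP, captured request head).
SAMPLE = [
    ("10.20.0.5", "10.20.30.11", b"GET /live HTTP/1.0\r\nx-sessioncookie: a1\r\nAccept: application/x-rtsp-tunnelled\r\n\r\n"),
    ("203.0.113.9", "10.20.30.11", b"POST /live HTTP/1.0\r\nx-sessioncookie: b2\r\nContent-Type: application/x-rtsp-tunnelled\r\n\r\n"),
    ("203.0.113.9", "10.20.30.11", b"GET /index.html HTTP/1.1\r\nHost: cam\r\n\r\n"),
    ("203.0.113.9", "192.0.2.80", b"GET /live HTTP/1.0\r\nAccept: application/x-rtsp-tunnelled\r\n\r\n"),
]

if __name__ == "__main__":
    for hit in alerts(SAMPLE):
        print("ALERT rtsp-over-http from outside management subnet:", hit)
```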

Long-Term Security Practices

        Regularly update firmware and software on the affected devices
        Conduct security assessments and penetration testing on the devices
        Educate users on best security practices and awareness

Patching and Updates

        Apply patches and updates provided by the device manufacturers to mitigate the vulnerability
