Attackers could attack various software video encoders and gain full control over devices that use these encoders. The reason is security vulnerabilities, most of which are classified as "critical".
According to a report by security researcher Alexei Kojenov, the vulnerabilities are found in software video encoders based on the HI3520D chipset. This chipset comes from Huawei subsidiary HiSilicon. The affected software encodes video data with the H.264 and H.265 codecs and makes the streams available, for example, on the network.
Various attacks possible
All of the vulnerabilities are said to be remotely exploitable. If attacks succeed, attackers could leak information, take devices down via DoS attacks, or even execute malicious code. In his report, the researcher provides detailed information about the vulnerabilities.
He attributes some of the vulnerabilities to the developers' lack of coding knowledge. However, he clearly classifies one vulnerability (CVE-2020-24215), in the form of a well-known password for admin access, as an intentional backdoor.
The problem: the affected software encoders are in use in many cases and, according to the security researcher, there are no complete patches so far. He has been in contact with the CERT Coordination Center, and affected manufacturers have already been contacted. According to the researcher, but has so far only one.
According to him, many vulnerable devices can be reached directly from the Internet. If the chip is used in devices, admins should at least place them behind a firewall.
Whose fault is it?
In this context, the assumption suggests itself that the backdoor, for example, was implemented by HiSilicon. Huawei denies this in a statement, saying that the vulnerabilities do not come from HiSilicon's chips and SDKs. The origin of the vulnerabilities is so far unclear.
(Update 18.09.2020, 16:20)
The text now states concretely what is affected by the vulnerabilities.