Researcher Found Backdoor Vulnerability in Firmware for HiSilicon-based DVRs, NVRs and IP cameras

Enterprise & IT, Feb 4, 2020

Russian security researcher Vladislav Yarmak disclosed a recent backdoor integrated into DVR/NVR devices built on top of HiSilicon SoC.

The vulnerability allows an attacker to gain root shell access and full control of the device.

Yarmak says he did not report the issue to HiSilicon, citing a lack of trust in the vendor to properly fix the issue.

The security researcher says the backdoor mechanism is actually a combination of four older security bugs/backdoors that were initially discovered and made public in March 2013, March 2017, July 2017, and September 2017.

"Apparently, all these years HiSilicon was unwilling or incapable to provide adequate security fixes for [the] same backdoor which, by the way, was implemented intentionally," Yarmak said.

According to Yarmak, the backdoor can be exploited by sending a series of commands over TCP port 9530 to devices that use HiSilicon chips.

The commands will enable the Telnet service on a vulnerable device.

Yarmak says that once the Telnet service is up and running, the attacker can log in with one of the six Telnet credentials listed below, and gain access to a root account that grants them complete control over a vulnerable device.

Since firmware patches are not available, the security researcher has created proof-of-concept (PoC) code that can be used to test if a "smart" device is running on top of HiSilicon system-on-chip (SoC), and if that SoC is vulnerable to attacks that can enable its Telnet service.

If a device is found to be vulnerable, the Russian researcher advises that device owners should ditch and replace the equipment.

Yarmak also recommends that users "should completely restrict network access to these devices to trusted users," especially on device ports 23/tcp, 9530/tcp, 9527/tcp -- the ports that can be exploited in attacks.
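To check whether that restriction actually holds, the sketch below scans firewall flow records for accepted connections from untrusted sources to the three ports named above, and flags a 9530/tcp contact followed shortly by a Telnet session to the same device. It is an added example, not code from the article or from the researcher's PoC; the log format, the trusted subnet, the time window and the sample records are all assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

# Ports the article names as exploitable on HiSilicon-based devices.
WATCHED_PORTS = {23, 9527, 9530}
# Assumption: management hosts that are allowed to reach the recorders.
TRUSTED_NETS = [ipaddress.ip_network("10.0.50.0/28")]
# Assumption: how soon after a 9530/tcp contact a Telnet session counts as related.
WINDOW = timedelta(minutes=10)

# Constructed sample flow records: "timestamp src dst dport action"
SAMPLE_LOG = """\
2020-02-04T10:00:01 10.0.50.3 10.0.60.11 9527 ACCEPT
2020-02-04T10:02:10 192.0.2.77 10.0.60.12 9530 ACCEPT
2020-02-04T10:02:45 192.0.2.77 10.0.60.12 23 ACCEPT
2020-02-04T10:05:00 198.51.100.9 10.0.60.13 23 DROP
2020-02-04T10:06:00 198.51.100.9 10.0.60.11 80 ACCEPT
2020-02-04T11:30:00 203.0.113.5 10.0.60.12 23 ACCEPT
"""

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def analyze(log_text):
    """Return (exposures, chains): accepted untrusted flows to watched ports, and
    9530/tcp contacts followed by Telnet to the same device within WINDOW."""
    exposures, chains, last_9530 = [], [], {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, src, dst, dport, action = parts
        ts, dport = datetime.fromisoformat(ts), int(dport)
        if action != "ACCEPT" or dport not in WATCHED_PORTS or is_trusted(src):
            continue
        exposures.append((src, dst, dport))
        # Correlate per device, not per source: the two steps may come from different hosts.
        if dport == 9530:
            last_9530[dst] = ts
        elif dport == 23 and dst in last_9530 and ts - last_9530[dst] <= WINDOW:
            chains.append((src, dst))
    return exposures, chains

if __name__ == "__main__":
    exposures, chains = analyze(SAMPLE_LOG)
    for e in exposures:
        print("untrusted access to watched port:", e)
    for c in chains:
        print("9530/tcp contact followed by Telnet:", c)
```

Any entry in the first list means the recommended restriction is not in place for that device; an entry in the second list warrants treating the device as compromised.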
