CVE-2019-11560

Name of the Vulnerable Software and Affected Versions HI3516 models versions 1.2.1.4 through 1.3.3.3 HI3516 models version 7.1.20.1.2 HI3516 models version 13.1.1.1.7.2 FDT FD7902 versions 10.3.14.1.3 through 11.3.14.1.3 FOSCAM cameras versions 3.2.1.1.1 0815 through 3.2.2.2.1 0815 Dericam cameras version V11.3.8.1.12

Description A buffer overflow issue in the streaming server of HI3516 models allows an unauthenticated attacker to run arbitrary code remotely by sending a special RTSP over HTTP packet. This issue affects various cameras using hisilicon's hardware and software.

Recommendations For HI3516 models versions 1.2.1.4 through 1.3.3.3, update the firmware to a version that is not affected by this issue. For HI3516 models version 7.1.20.1.2, update the firmware to a version that is not affected by this issue. For HI3516 models version 13.1.1.1.7.2, update the firmware to a version that is not affected by this issue. For FDT FD7902 versions 10.3.14.1.3 through 11.3.14.1.3, update the firmware to a version that is not affected by this issue. For FOSCAM cameras versions 3.2.1.1.1 0815 through 3.2.2.2.1 0815, update the firmware to a version that is not affected by this issue. For Dericam cameras version V11.3.8.1.12, update the firmware to a version that is not affected by this issue. As a temporary workaround, consider disabling the RTSP over HTTP packet handling until a patch is available.