Cryptographic Issues in Hichip Vision Technology Firmware Affecting IoT Devices
CVE-2020-9528

7.5HIGH

Key Information:

Vendor: Hichip
Status: Shenzhen Hichip Vision Technology Firmware
Vendor: CVE Published:; 10 August 2020

What is CVE-2020-9528?

The firmware developed by Shenzhen Hichip Vision Technology, spanning versions V6 through V20, contains cryptographic vulnerabilities that allow remote attackers to exploit user session data. This can lead to unauthorized access, eavesdropping on audio and video streams, capturing sensitive credentials, and ultimately compromise of various IoT devices. A multitude of products from brands such as Accfly, Alptop, Boavision, and many others rely on this firmware, making millions of devices susceptible to these threats.

References

https://hacked.camera/

x_refsource_MISC

https://redprocyon.com

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 10, 2020
Vulnerability Reserved
Mar 1, 2020