This is a report of a 0-day backdoor giving remote root shell access on Teradek IP video devices. Reported the issue to the manufacturer last year, they have released a new firmware version since then, but have not fixed it. That is why this is full disclosure here. Proof of concept is following below.

About the device

The Teradek IP video devices are live streaming devices able to encode video inputs (like SDI, HDMI, etc) to various streaming formats capable of Ethernet transport. There are different IP video devices made by Teradek, but the firmwares seems to be very similar (especially in the backdoor functionality). …

István Tóth

IT Security Expert, Penetration Testing, Red Teaming | OSCP | CRT(E|O) | @RingZer0_CTF 1st (for 2yrs), RCEH | HackTheBox Top10 | RPISEC MBE | Flare-On completer

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store