This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b165cd1a054247ea554247ea554247ea554247ea5
Found HiSiliconDVR firmware: Hardware: General AHB8008R-MH Vulnerable to multiple issues : LFI, possibly RCE
Open service 2a00:ab00:603:45::19:80 · 37afd181b8bc21921573a767.keenetic.io
2024-06-26 12:40
HTTP/1.1 403 Forbidden Server: NDM NDNS Date: Wed, 26 Jun 2024 12:40:55 GMT Content-Type: text/html Content-Length: 975 Cache-Control: no-store, no-cache, max-age=0, private X-Detail: Access Denied (0x14) Set-Cookie: X-Detail=403 20; max-age=300 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <base href="https://static.keenetic.net/kdns201/"/> <link rel="shortcut icon" href="favicon.ico" /> <link rel="stylesheet" href="style.css" /> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700&subset=cyrillic" /> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <meta http-equiv="Referrer-Policy" content="origin-when-cross-origin" /> <meta http-equiv="Content-Security-Policy" content=" default-src 'self' https://static.keenetic.net/kdns201/ ; style-src 'self' 'unsafe-inline' https: ; font-src 'self' https: ; img-src 'self' data: 'unsafe-eval' 'unsafe-inline' https: ; script-src 'self' https://static.keenetic.net/kdns201/ ; " /> <script defer src="script.js"></script> <title>Error</title> </head> <body> <noscript>403</noscript> <main class="template" /> </body> </html>
Open service 2a03:21c0:0:227::96:80 · 37afd181b8bc21921573a767.keenetic.io
2024-06-26 12:40
HTTP/1.1 403 Forbidden Server: NDM NDNS Date: Wed, 26 Jun 2024 12:40:56 GMT Content-Type: text/html Content-Length: 975 Cache-Control: no-store, no-cache, max-age=0, private X-Detail: Access Denied (0x14) Set-Cookie: X-Detail=403 20; max-age=300 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <base href="https://static.keenetic.net/kdns201/"/> <link rel="shortcut icon" href="favicon.ico" /> <link rel="stylesheet" href="style.css" /> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700&subset=cyrillic" /> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <meta http-equiv="Referrer-Policy" content="origin-when-cross-origin" /> <meta http-equiv="Content-Security-Policy" content=" default-src 'self' https://static.keenetic.net/kdns201/ ; style-src 'self' 'unsafe-inline' https: ; font-src 'self' https: ; img-src 'self' data: 'unsafe-eval' 'unsafe-inline' https: ; script-src 'self' https://static.keenetic.net/kdns201/ ; " /> <script defer src="script.js"></script> <title>Error</title> </head> <body> <noscript>403</noscript> <main class="template" /> </body> </html>
Open service 95.213.212.50:80 · 37afd181b8bc21921573a767.keenetic.io
2024-06-26 12:40
HTTP/1.1 403 Forbidden Server: NDM NDNS Date: Wed, 26 Jun 2024 12:40:54 GMT Content-Type: text/html Content-Length: 975 Cache-Control: no-store, no-cache, max-age=0, private X-Detail: Access Denied (0x14) Set-Cookie: X-Detail=403 20; max-age=300 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <base href="https://static.keenetic.net/kdns201/"/> <link rel="shortcut icon" href="favicon.ico" /> <link rel="stylesheet" href="style.css" /> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700&subset=cyrillic" /> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <meta http-equiv="Referrer-Policy" content="origin-when-cross-origin" /> <meta http-equiv="Content-Security-Policy" content=" default-src 'self' https://static.keenetic.net/kdns201/ ; style-src 'self' 'unsafe-inline' https: ; font-src 'self' https: ; img-src 'self' data: 'unsafe-eval' 'unsafe-inline' https: ; script-src 'self' https://static.keenetic.net/kdns201/ ; " /> <script defer src="script.js"></script> <title>Error</title> </head> <body> <noscript>403</noscript> <main class="template" /> </body> </html>
Open service 31.184.251.19:443 · 37afd181b8bc21921573a767.keenetic.io
2024-06-26 12:40
HTTP/1.1 403 Forbidden Server: NDM NDNS Date: Wed, 26 Jun 2024 12:40:52 GMT Content-Type: text/html Content-Length: 975 Cache-Control: no-store, no-cache, max-age=0, private X-Detail: Access Denied (0x14) Set-Cookie: X-Detail=403 20; max-age=300 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <base href="https://static.keenetic.net/kdns201/"/> <link rel="shortcut icon" href="favicon.ico" /> <link rel="stylesheet" href="style.css" /> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700&subset=cyrillic" /> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <meta http-equiv="Referrer-Policy" content="origin-when-cross-origin" /> <meta http-equiv="Content-Security-Policy" content=" default-src 'self' https://static.keenetic.net/kdns201/ ; style-src 'self' 'unsafe-inline' https: ; font-src 'self' https: ; img-src 'self' data: 'unsafe-eval' 'unsafe-inline' https: ; script-src 'self' https://static.keenetic.net/kdns201/ ; " /> <script defer src="script.js"></script> <title>Error</title> </head> <body> <noscript>403</noscript> <main class="template" /> </body> </html>
Open service 2a03:21c0:0:227::96:443 · 37afd181b8bc21921573a767.keenetic.io
2024-06-26 12:40
HTTP/1.1 403 Forbidden Server: NDM NDNS Date: Wed, 26 Jun 2024 12:41:02 GMT Content-Type: text/html Content-Length: 975 Cache-Control: no-store, no-cache, max-age=0, private X-Detail: Access Denied (0x14) Set-Cookie: X-Detail=403 20; max-age=300 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <base href="https://static.keenetic.net/kdns201/"/> <link rel="shortcut icon" href="favicon.ico" /> <link rel="stylesheet" href="style.css" /> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700&subset=cyrillic" /> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <meta http-equiv="Referrer-Policy" content="origin-when-cross-origin" /> <meta http-equiv="Content-Security-Policy" content=" default-src 'self' https://static.keenetic.net/kdns201/ ; style-src 'self' 'unsafe-inline' https: ; font-src 'self' https: ; img-src 'self' data: 'unsafe-eval' 'unsafe-inline' https: ; script-src 'self' https://static.keenetic.net/kdns201/ ; " /> <script defer src="script.js"></script> <title>Error</title> </head> <body> <noscript>403</noscript> <main class="template" /> </body> </html>
Open service 31.184.251.19:80 · 37afd181b8bc21921573a767.keenetic.io
2024-06-26 12:40
HTTP/1.1 403 Forbidden Server: NDM NDNS Date: Wed, 26 Jun 2024 12:40:54 GMT Content-Type: text/html Content-Length: 975 Cache-Control: no-store, no-cache, max-age=0, private X-Detail: Access Denied (0x14) Set-Cookie: X-Detail=403 20; max-age=300 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <base href="https://static.keenetic.net/kdns201/"/> <link rel="shortcut icon" href="favicon.ico" /> <link rel="stylesheet" href="style.css" /> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700&subset=cyrillic" /> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <meta http-equiv="Referrer-Policy" content="origin-when-cross-origin" /> <meta http-equiv="Content-Security-Policy" content=" default-src 'self' https://static.keenetic.net/kdns201/ ; style-src 'self' 'unsafe-inline' https: ; font-src 'self' https: ; img-src 'self' data: 'unsafe-eval' 'unsafe-inline' https: ; script-src 'self' https://static.keenetic.net/kdns201/ ; " /> <script defer src="script.js"></script> <title>Error</title> </head> <body> <noscript>403</noscript> <main class="template" /> </body> </html>
Open service 2a00:ab00:603:45::19:8443 · 37afd181b8bc21921573a767.keenetic.io
2024-06-26 12:40
HTTP/1.1 403 Forbidden Server: NDM NDNS Date: Wed, 26 Jun 2024 12:41:02 GMT Content-Type: text/html Content-Length: 975 Cache-Control: no-store, no-cache, max-age=0, private X-Detail: Access Denied (0x14) Set-Cookie: X-Detail=403 20; max-age=300 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <base href="https://static.keenetic.net/kdns201/"/> <link rel="shortcut icon" href="favicon.ico" /> <link rel="stylesheet" href="style.css" /> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700&subset=cyrillic" /> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <meta http-equiv="Referrer-Policy" content="origin-when-cross-origin" /> <meta http-equiv="Content-Security-Policy" content=" default-src 'self' https://static.keenetic.net/kdns201/ ; style-src 'self' 'unsafe-inline' https: ; font-src 'self' https: ; img-src 'self' data: 'unsafe-eval' 'unsafe-inline' https: ; script-src 'self' https://static.keenetic.net/kdns201/ ; " /> <script defer src="script.js"></script> <title>Error</title> </head> <body> <noscript>403</noscript> <main class="template" /> </body> </html>