This vulnerability (with proof-of-concept (PoC) code) affects DVR/NVR devices built on the HiSilicon hi3520d and similar systems on a chip (SoCs).
Exploiting the vulnerabilities leads to unauthorized remote code execution (RCE) using only the web interface, resulting in full takeover of the exploited device.
Severity: high
Fingerprint: 321975614123c6c05f83e99bf30ea5eb22cca46022cca46022cca46022cca460
Found HiSiliconDVR firmware: Hardware: General AHB7008T-MHV2 Vulnerable to multiple issues : LFI, possibly RCE
Open service 2a00:ab00:1103:20::50:8443 · c60671a588d122101e4808db.keenetic.io
2024-09-08 22:10
HTTP/1.1 403 Forbidden Server: NDM NDNS Date: Sun, 08 Sep 2024 22:10:22 GMT Content-Type: text/html Content-Length: 975 Cache-Control: no-store, no-cache, max-age=0, private X-Detail: Unclassified (0x34) Set-Cookie: X-Detail=403 52; max-age=300 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <base href="https://static.keenetic.net/kdns201/"/> <link rel="shortcut icon" href="favicon.ico" /> <link rel="stylesheet" href="style.css" /> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700&subset=cyrillic" /> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <meta http-equiv="Referrer-Policy" content="origin-when-cross-origin" /> <meta http-equiv="Content-Security-Policy" content=" default-src 'self' https://static.keenetic.net/kdns201/ ; style-src 'self' 'unsafe-inline' https: ; font-src 'self' https: ; img-src 'self' data: 'unsafe-eval' 'unsafe-inline' https: ; script-src 'self' https://static.keenetic.net/kdns201/ ; " /> <script defer src="script.js"></script> <title>Error</title> </head> <body> <noscript>403</noscript> <main class="template" /> </body> </html>
Open service 95.213.212.50:443 · c60671a588d122101e4808db.keenetic.io
2024-09-08 22:10
HTTP/1.1 403 Forbidden Server: Web server Date: Sun, 08 Sep 2024 22:10:13 GMT Content-Type: text/html Content-Length: 553 Connection: close X-Detail: 0x1284, no service Page title: 403 Forbidden <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> <hr><center>Web server</center> </body> </html> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page -->
Open service 185.162.93.96:443 · c60671a588d122101e4808db.keenetic.io
2024-09-08 22:10
HTTP/1.1 403 Forbidden Server: Web server Date: Sun, 08 Sep 2024 22:10:12 GMT Content-Type: text/html Content-Length: 553 Connection: close X-Detail: 0x1284, no service Page title: 403 Forbidden <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> <hr><center>Web server</center> </body> </html> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page -->
Open service 2a00:ab00:1103:20::50:443 · c60671a588d122101e4808db.keenetic.io
2024-09-08 22:10
HTTP/1.1 403 Forbidden Server: Web server Date: Sun, 08 Sep 2024 22:10:21 GMT Content-Type: text/html Content-Length: 553 Connection: close X-Detail: 0x1284, no service Page title: 403 Forbidden <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> <hr><center>Web server</center> </body> </html> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page -->
Open service 185.162.93.96:8443 · c60671a588d122101e4808db.keenetic.io
2024-09-08 22:10
HTTP/1.1 403 Forbidden Server: NDM NDNS Date: Sun, 08 Sep 2024 22:10:14 GMT Content-Type: text/html Content-Length: 975 Cache-Control: no-store, no-cache, max-age=0, private X-Detail: Unclassified (0x33) Set-Cookie: X-Detail=403 51; max-age=300 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <base href="https://static.keenetic.net/kdns201/"/> <link rel="shortcut icon" href="favicon.ico" /> <link rel="stylesheet" href="style.css" /> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700&subset=cyrillic" /> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <meta http-equiv="Referrer-Policy" content="origin-when-cross-origin" /> <meta http-equiv="Content-Security-Policy" content=" default-src 'self' https://static.keenetic.net/kdns201/ ; style-src 'self' 'unsafe-inline' https: ; font-src 'self' https: ; img-src 'self' data: 'unsafe-eval' 'unsafe-inline' https: ; script-src 'self' https://static.keenetic.net/kdns201/ ; " /> <script defer src="script.js"></script> <title>Error</title> </head> <body> <noscript>403</noscript> <main class="template" /> </body> </html>
Open service 95.213.212.50:8443 · c60671a588d122101e4808db.keenetic.io
2024-09-08 22:10
HTTP/1.1 403 Forbidden Server: NDM NDNS Date: Sun, 08 Sep 2024 22:10:14 GMT Content-Type: text/html Content-Length: 975 Cache-Control: no-store, no-cache, max-age=0, private X-Detail: Unclassified (0x33) Set-Cookie: X-Detail=403 51; max-age=300 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <base href="https://static.keenetic.net/kdns201/"/> <link rel="shortcut icon" href="favicon.ico" /> <link rel="stylesheet" href="style.css" /> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700&subset=cyrillic" /> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <meta http-equiv="Referrer-Policy" content="origin-when-cross-origin" /> <meta http-equiv="Content-Security-Policy" content=" default-src 'self' https://static.keenetic.net/kdns201/ ; style-src 'self' 'unsafe-inline' https: ; font-src 'self' https: ; img-src 'self' data: 'unsafe-eval' 'unsafe-inline' https: ; script-src 'self' https://static.keenetic.net/kdns201/ ; " /> <script defer src="script.js"></script> <title>Error</title> </head> <body> <noscript>403</noscript> <main class="template" /> </body> </html>
Open service 2a03:21c0:0:227::96:443 · c60671a588d122101e4808db.keenetic.io
2024-09-08 22:10
HTTP/1.1 403 Forbidden Server: Web server Date: Sun, 08 Sep 2024 22:10:21 GMT Content-Type: text/html Content-Length: 553 Connection: close X-Detail: 0x1284, no service Page title: 403 Forbidden <html> <head><title>403 Forbidden</title></head> <body> <center><h1>403 Forbidden</h1></center> <hr><center>Web server</center> </body> </html> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page --> <!-- a padding to disable MSIE and Chrome friendly error page -->
Open service 2a03:21c0:0:227::96:8443 · c60671a588d122101e4808db.keenetic.io
2024-09-08 22:10
HTTP/1.1 403 Forbidden Server: NDM NDNS Date: Sun, 08 Sep 2024 22:10:22 GMT Content-Type: text/html Content-Length: 975 Cache-Control: no-store, no-cache, max-age=0, private X-Detail: Unclassified (0x34) Set-Cookie: X-Detail=403 52; max-age=300 Connection: close Page title: Error <!DOCTYPE html> <html lang="en"> <head> <base href="https://static.keenetic.net/kdns201/"/> <link rel="shortcut icon" href="favicon.ico" /> <link rel="stylesheet" href="style.css" /> <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700&subset=cyrillic" /> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /> <meta http-equiv="Referrer-Policy" content="origin-when-cross-origin" /> <meta http-equiv="Content-Security-Policy" content=" default-src 'self' https://static.keenetic.net/kdns201/ ; style-src 'self' 'unsafe-inline' https: ; font-src 'self' https: ; img-src 'self' data: 'unsafe-eval' 'unsafe-inline' https: ; script-src 'self' https://static.keenetic.net/kdns201/ ; " /> <script defer src="script.js"></script> <title>Error</title> </head> <body> <noscript>403</noscript> <main class="template" /> </body> </html>