This vulnerability (with proof-of-concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar systems on a chip (SoCs).
Exploiting the vulnerabilities leads to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device.
Severity: high
Fingerprint: 321975614123c6c05f83e99b74b6d9e701d3b64c01d3b64c01d3b64c01d3b64c
Found HiSiliconDVR firmware: Hardware: General AHB7004T-MHV2 Vulnerable to multiple issues : LFI, possibly RCE
Severity: high
Fingerprint: 321975614123c6c05f83e99b0bed4eab8254eba08254eba08254eba08254eba0
Found HiSiliconDVR firmware: Hardware: General MBD6304T Vulnerable to multiple issues : LFI, possibly RCE
Open service 1.52.157.39:81
2024-09-15 21:11
HTTP/1.1 200 OK
CONNECTION: keep-alive
Date: Mon, 16 Sep 2024 03:55:37 GMT
Last-Modified: Thu, 05 May 2022 08:15:30 GMT
Etag: "1651738530:d5b"
CONTENT-LENGTH: 3419
P3P: CP=CAO PSA OUR
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1;mode=block
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
CONTENT-TYPE: text/html
Open service 1.52.157.39:81
2024-09-13 21:09
HTTP/1.1 200 OK
CONNECTION: keep-alive
Date: Sat, 14 Sep 2024 03:53:44 GMT
Last-Modified: Thu, 05 May 2022 08:15:30 GMT
Etag: "1651738530:d5b"
CONTENT-LENGTH: 3419
P3P: CP=CAO PSA OUR
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1;mode=block
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
CONTENT-TYPE: text/html
Open service 1.52.157.39:81
2024-09-11 21:39
HTTP/1.1 200 OK
CONNECTION: keep-alive
Date: Thu, 12 Sep 2024 04:23:09 GMT
Last-Modified: Thu, 05 May 2022 08:15:30 GMT
Etag: "1651738530:d5b"
CONTENT-LENGTH: 3419
P3P: CP=CAO PSA OUR
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1;mode=block
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
CONTENT-TYPE: text/html
Open service 1.52.157.39:81
2024-09-10 16:03
HTTP/1.1 200 OK
CONNECTION: keep-alive
Date: Tue, 10 Sep 2024 22:48:00 GMT
Last-Modified: Thu, 05 May 2022 08:15:30 GMT
Etag: "1651738530:d5b"
CONTENT-LENGTH: 3419
P3P: CP=CAO PSA OUR
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1;mode=block
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
CONTENT-TYPE: text/html
Open service 1.52.157.39:81
2024-09-09 21:20
HTTP/1.1 200 OK
CONNECTION: keep-alive
Date: Tue, 10 Sep 2024 04:04:22 GMT
Last-Modified: Thu, 05 May 2022 08:15:30 GMT
Etag: "1651738530:d5b"
CONTENT-LENGTH: 3419
P3P: CP=CAO PSA OUR
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1;mode=block
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
CONTENT-TYPE: text/html
Open service 1.52.157.39:81
2024-09-07 21:14
HTTP/1.1 200 OK
CONNECTION: keep-alive
Date: Sun, 08 Sep 2024 03:58:35 GMT
Last-Modified: Thu, 05 May 2022 08:15:30 GMT
Etag: "1651738530:d5b"
CONTENT-LENGTH: 3419
P3P: CP=CAO PSA OUR
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1;mode=block
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
CONTENT-TYPE: text/html