This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b74b6d9e701d3b64c01d3b64c01d3b64c01d3b64c
Found HiSiliconDVR firmware: Hardware: General AHB7004T-MHV2 Vulnerable to multiple issues : LFI, possibly RCE
Open service 1.53.16.225:85
2024-09-13 22:45
HTTP/1.0 302 Found Common:CDebugger:SetLevel already close, Current output=2(0:std;1:file;10:telnet) HTTP/1.0 302 Found content-type: text/html; charset=UTF-8 P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT' Location: /login.rsp Page title: 302 Moved <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF='/login.rsp'>here</a></BODY></HTML>
Open service 1.53.16.225:85
2024-09-12 06:21
HTTP/1.0 302 Found Common:CDebugger:SetLevel already close, Current output=2(0:std;1:file;10:telnet) HTTP/1.0 302 Found content-type: text/html; charset=UTF-8 P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT' Location: /login.rsp Page title: 302 Moved <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF='/login.rsp'>here</a></BODY></HTML>