This vulnerability (with proof-of-concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system-on-a-chip (SoC) designs.
Exploiting the vulnerabilities leads to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device.
Severity: high
Fingerprint: 321975614123c6c05f83e99bc4bc4f95c377fc96c377fc96c377fc96c377fc96
Found HiSiliconDVR firmware: Hardware: General AHB7804R-LM-V3 Vulnerable to multiple issues : LFI, possibly RCE
Open service 1.54.131.195:443
2024-09-10 12:04
HTTP/1.1 200 OK
Connection: close
Cache-Control: no-cache,no-store
Pragma: no-cache
Content-Length: 153797
Set-Cookie: SID_HTTPS_=ea5fdab8b73fbe605fa3d126e8e5bdfb9099cb9910ef27aa6f14a868e4d085ca; PATH=/; Secure; HttpOnly; SameSite=strict
Set-Cookie: _TESTCOOKIESUPPORT_HTTPS_=1; PATH=/; Secure; HttpOnly; SameSite=strict
Server:
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self'
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8

Page title: F671Y