LeakIX - Host 1.55.172.212

Host 1.55.172.212

Vietnam

FPT Telecom Company

Vulnerable HiSilicon family DVR

This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).

Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device

IP: 1.55.172.212
Port: 80
URL: http://1.55.172.212

First seen 2024-04-23 20:46
Last seen 2024-04-28 17:46
Open for 4 days
- Severity: high
  Fingerprint: 321975614123c6c05f83e99b2614d7eadcfbe2dbdcfbe2dbdcfbe2dbdcfbe2db
```
Found HiSiliconDVR firmware:
Hardware: General NBD6804T-F
Vulnerable to multiple issues : LFI, possibly RCE
```
  Found on 2024-04-28 17:46
Create report

2024-06-03 19:56

HTTP/1.1 200 OK
CONNECTION: close
Date: Tue, 04 Jun 2024 02:56:08 GMT
Last-Modified: Fri, 21 Jun 2019 05:53:24 GMT
Etag: "1561096404:55f6"
CONTENT-LENGTH: 22006
P3P: CP=CAO PSA OUR
X-Frame-Options: SAMEORIGIN
CONTENT-TYPE: text/html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=6;IE=7; IE=8; IE=EmulateIE7"> <script type="text/javascript" src="jsCore/echarts.js"></script> <script type="text/javascript" src="jsBase/lib/jquery.js"></script> <script type="text/javascript" src="debug/testPage.js"></script> <script type="text/javascript" src="jsBase/lib/jquery.pubsub.js"></script> <script type="text/javascript" src="jsBase/widget/js/jquery.ui.core.js"></script> <script type="text/javascript" src="jsBase/widget/js/jquery.ui.widget.js"></script> <script type="text/javascript" src="jsBase/widget/js/dui.colorpicker.js"></script> <script type="text/javascript">var $j = jQuery.noConflict();</script> <script type="text/javascript" src="jsBase/lib/base64.js"></script> <script type="text/javascript" src="jsBase/lib/md5.js"></script> <script type="text/javascript" src="jsBase/lib/m1.2.js"></script> <script type="text/javascript" src="jsBase/lib/more.js"></script> <script type="text/javascript" src="jsBase/common/extend.js"></script> <script type="text/javascript" src="jsCore/rpcCore.js"></script> <script type="text/javascript" src="jsBase/lib/sea.js"></script> <script type="text/javascript" src="jsBase/lib/seajs-text.js"></script> <script type="text/javascript" src="jsCore/common.js"></script> <script type="text/javascript" src="js/publicFunc.js"></script> <script type="text/javascript" src="js/system.js"></script> <script type="text/javascript" src="js/loginEx.js"></script> <script type="text/javascript" src="/pluginVersion.js"></script> <script type="text/javascript" src="js/eventScript.js"></script> <script type="text/javascript" src="Component/dui.pwdlevel.js"></script> <script type="text/javascript" src="jsBase/widget/js/dui.guide.js"></script> <script type="text/javascript" src="jsBase/widget/js/dui.textfield.js"></script> <script type="text/javascript">var g_NaclWin = null;
    var g_useApp = window.location.href.indexOf('fromWebChromeNACL') > 0;
    var g_deviceFind = ''; // which way is device support to find password ?
    var g_isDeviceInited = true; // whether device has been initialized ?
    try {
        window.addEventListener('message', function (e) {
            console.log('webview: ' + e.data)
            // console.log(e.origin)
            // console.log(e.source)
            if (e.data == 'domready') {
                g_NaclWin = e.source;
                window.alert = webViewAlert;
                var frames = window.frames;
                for(var i = 0;i < frames.length;i++){
                    frames[i].alert = webViewAlert;
                }
                console.log('send back')
                e.source.postMessage('domready', '*');               
                if(g_ocx) g_ocx.SetTranslateString(jsonLang);
                return;
            }

            // console.log(e.data.method)
            if (typeof window[e.data.method] == 'function') {
                window[e.data.method].apply(this, e.data.params);
            } else {
                g_ocx.messageFromOcx(e.data);
            }
        }, false);
    } catch (e) {

    }
    
    var g_ocx = 0;
    var webcapDefer = jQuery.Deferred();
    seajs.config({
        base: './jsBase',
        paths: {
            'jsCore': '../jsCore',
            'html':'../html',
            'js':'../js'
        }
    });
    seajs.use('/jsCore/app', function (App) {
        window.webApp = new App();
        if(g_NaclWin) g_ocx.SetTranslateString(jsonLang);
        webApp.getWebCapAll().done(function(){
            /*seajs.use('/Component/deviceInitial', function(){

            });*/
            webcapDefer.resolve();
        });
        jQuery(document).ready(function() {
            RPC.DevInit.getStatus().done(function(status){
                if(status.Init == 1) { //uninitialized
                    seajs.use('/Component/d

Found 2024-06-03 by HttpPlugin

Create report

Domain summary

No record

Host 1.55.172.212

Vietnam

Vulnerable HiSilicon family DVR

Create report

Domain summary