This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99bce92ad985b0ec83d5b0ec83d5b0ec83d5b0ec83d
Found HiSiliconDVR firmware: Hardware: General 50H20L Vulnerable to multiple issues : LFI, possibly RCE
Open service 106.96.46.198:445
2024-06-02 11:27
SMB NTLMSSP handshake results: Found Windows 10.0 build 19041 NbComputerName: DESKTOP-ODIV725 NbDomainName: DESKTOP-ODIV725 DNSComputerName: DESKTOP-ODIV725 DNSDomainName: DESKTOP-ODIV725