This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99bf30ea5eb22cca46022cca46022cca46022cca460
Found HiSiliconDVR firmware: Hardware: General AHB7008T-MHV2 Vulnerable to multiple issues : LFI, possibly RCE
Open service 113.161.53.181:81
2024-10-17 20:34
HTTP/1.1 200 OK CONNECTION: keep-alive Date: Fri, 18 Oct 2024 03:34:36 GMT Last-Modified: Tue, 30 Jul 2024 07:50:19 GMT Etag: "1722325819:cab" CONTENT-LENGTH: 3243 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html
Open service 113.161.53.181:81
2024-10-15 20:49
HTTP/1.1 200 OK CONNECTION: keep-alive Date: Wed, 16 Oct 2024 03:49:40 GMT Last-Modified: Tue, 30 Jul 2024 07:50:19 GMT Etag: "1722325819:cab" CONTENT-LENGTH: 3243 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html
Open service 113.161.53.181:81
2024-10-01 20:42
HTTP/1.1 200 OK CONNECTION: keep-alive Date: Wed, 02 Oct 2024 03:42:15 GMT Last-Modified: Wed, 15 Feb 2023 07:23:41 GMT Etag: "1676445821:cab" CONTENT-LENGTH: 3243 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html
Open service 113.161.53.181:81
2024-09-29 20:47
HTTP/1.1 200 OK CONNECTION: keep-alive Date: Mon, 30 Sep 2024 03:47:09 GMT Last-Modified: Wed, 15 Feb 2023 07:23:41 GMT Etag: "1676445821:cab" CONTENT-LENGTH: 3243 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html
Open service 113.161.53.181:81
2024-09-27 20:34
HTTP/1.1 200 OK CONNECTION: keep-alive Date: Sat, 28 Sep 2024 03:34:15 GMT Last-Modified: Wed, 15 Feb 2023 07:23:41 GMT Etag: "1676445821:cab" CONTENT-LENGTH: 3243 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html
Open service 113.161.53.181:81
2024-09-25 21:07
HTTP/1.1 200 OK CONNECTION: keep-alive Date: Thu, 26 Sep 2024 04:07:07 GMT Last-Modified: Wed, 15 Feb 2023 07:23:41 GMT Etag: "1676445821:cab" CONTENT-LENGTH: 3243 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html
Open service 113.161.53.181:81
2024-09-23 21:00
HTTP/1.1 200 OK CONNECTION: keep-alive Date: Tue, 24 Sep 2024 04:00:17 GMT Last-Modified: Wed, 15 Feb 2023 07:23:41 GMT Etag: "1676445821:cab" CONTENT-LENGTH: 3243 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html
Open service 113.161.53.181:81
2024-09-15 21:00
HTTP/1.1 200 OK CONNECTION: keep-alive Date: Mon, 16 Sep 2024 04:00:09 GMT Last-Modified: Wed, 15 Feb 2023 07:23:41 GMT Etag: "1676445821:cab" CONTENT-LENGTH: 3243 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html
Open service 113.161.53.181:81
2024-09-13 20:56
HTTP/1.1 200 OK CONNECTION: keep-alive Date: Sat, 14 Sep 2024 03:56:43 GMT Last-Modified: Wed, 15 Feb 2023 07:23:41 GMT Etag: "1676445821:cab" CONTENT-LENGTH: 3243 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html