This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b2711ab76525057b7525057b7525057b7525057b7
Found HiSiliconDVR firmware: Hardware: General HI3516EV100_50H20L_S38 Vulnerable to multiple issues : LFI, possibly RCE
This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b5b070eb1f17b1b12f17b1b12f17b1b12f17b1b12
Found HiSiliconDVR firmware: Hardware: General AHB70016T-MH-V2 Vulnerable to multiple issues : LFI, possibly RCE
Open service 115.76.187.0:443
2024-06-02 23:12
HTTP/1.1 200 OK Date: Mon, 03 Jun 2024 06:13:04 GMT Content-Type: text/html; charset=ISO-8859-1 Set-Cookie: SESSIONID=c27ag2aeaiueaalvsk2xnnaare7etn1a ; path=/; httpOnly; secure ; Content-Length: 246 Connection: close <HTML><HEAD> <script language='JavaScript' src='/jquery.js'></script> <script language='JavaScript' src='/site_common.js'></script> <script> function load() { top.window.location='/'; } </script> </HEAD> <BODY onload='load();'> </BODY></HTML>