This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities leads to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device.
Severity: high
Fingerprint: 321975614123c6c05f83e99bb0830027f3faaa0cf3faaa0cf3faaa0cf3faaa0c
Found HiSiliconDVR firmware: Hardware: General XM530_RA50X20_8M Vulnerable to multiple issues : LFI, possibly RCE
Open service 116.108.0.11:80
2024-06-01 02:49
HTTP/1.0 200 OK Server: ZK Web Server Pragma: no-cache Cache-control: no-cache Set-Cookie: SessionID=1717235334; path=/; Content-Type: text/html; Connection: close <html><head><title></title><script language=JavaScript type='text/javascript'>self.location.href='/csl/login'</script></head><body></body></html>
Open service 116.108.0.11:80
2024-05-31 21:07
HTTP/1.0 200 OK Server: ZK Web Server Pragma: no-cache Cache-control: no-cache Set-Cookie: SessionID=1717214778; path=/; Content-Type: text/html; Connection: close <html><head><title></title><script language=JavaScript type='text/javascript'>self.location.href='/csl/login'</script></head><body></body></html>