Boa 0.94.13
tcp/443 tcp/80
This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b2711ab76525057b7525057b7525057b7525057b7
Found HiSiliconDVR firmware: Hardware: General HI3516EV100_50H20L_S38 Vulnerable to multiple issues : LFI, possibly RCE
This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b91f7c49ebca0459fbca0459fbca0459fbca0459f
Found HiSiliconDVR firmware: Hardware: General 50H20L_18EV200_S38 Vulnerable to multiple issues : LFI, possibly RCE
Open service 118.68.94.174:443
2024-09-10 17:13
HTTP/1.0 401 Unauthorized Date: Sun, 27 Aug 2017 04:00:39 GMT Server: Boa/0.94.13 Content-Type: text/html; charset=gb2312 Set-Cookie: SESSIONID=186f4fef; Page title: Login <HTML><HEAD><TITLE>Login</TITLE><script language=javascript>top.location.replace("/cgi-bin/login.asp");</script></HEAD><body></body></HTML>
Open service 118.68.94.174:80
2024-09-09 18:55
HTTP/1.0 401 Unauthorized Date: Sat, 26 Aug 2017 05:43:01 GMT Server: Boa/0.94.13 Connection: close Content-Type: text/html; charset=gb2312 Set-Cookie: SESSIONID=7f72e347; Page title: Login <HTML><HEAD><TITLE>Login</TITLE><script language=javascript>top.location.replace("/cgi-bin/login.asp");</script></HEAD><body></body></HTML>