This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b5b070eb1f17b1b12f17b1b12f17b1b12f17b1b12
Found HiSiliconDVR firmware: Hardware: General AHB70016T-MH-V2 Vulnerable to multiple issues : LFI, possibly RCE
Malicious users exploiting this vulnerability may be able to read and/or write information to shared directories.
This may also include IPC services and lead to remote code execution.
Severity: high
Fingerprint: 22420ce026fa767d3962741c23bfd32f75afa13eb25d195e268eeebf93d08341
Found open SMB shares with Guest login ADMIN$ C$ D$ E E$ IPC$ Job Users