Microsoft-IIS 10.0
tcp/81
This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b74b6d9e701d3b64c01d3b64c01d3b64c01d3b64c
Found HiSiliconDVR firmware: Hardware: General AHB7004T-MHV2 Vulnerable to multiple issues : LFI, possibly RCE
Open service 121.121.104.109:81
2024-05-30 12:56
HTTP/1.1 200 OK Content-Type: text/html Last-Modified: Fri, 21 Jul 2023 05:16:45 GMT Accept-Ranges: bytes ETag: "3d14ea8a92bbd91:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Date: Thu, 30 May 2024 12:56:11 GMT Connection: close Content-Length: 696 Page title: IIS Windows <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>IIS Windows</title> <style type="text/css"> <!-- body { color:#000000; background-color:#0072C6; margin:0; } #container { margin-left:auto; margin-right:auto; text-align:center; } a img { border:none; } --> </style> </head> <body> <div id="container"> <a href="http://go.microsoft.com/fwlink/?linkid=66138&clcid=0x409"><img src="iisstart.png" alt="IIS" width="960" height="600" /></a> </div> </body> </html>
Open service 121.121.104.109:81
2024-05-25 17:45
HTTP/1.1 200 OK Content-Type: text/html Last-Modified: Fri, 21 Jul 2023 05:16:45 GMT Accept-Ranges: bytes ETag: "3d14ea8a92bbd91:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Date: Sat, 25 May 2024 17:45:02 GMT Connection: close Content-Length: 696 Page title: IIS Windows <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>IIS Windows</title> <style type="text/css"> <!-- body { color:#000000; background-color:#0072C6; margin:0; } #container { margin-left:auto; margin-right:auto; text-align:center; } a img { border:none; } --> </style> </head> <body> <div id="container"> <a href="http://go.microsoft.com/fwlink/?linkid=66138&clcid=0x409"><img src="iisstart.png" alt="IIS" width="960" height="600" /></a> </div> </body> </html>