Apache: tcp/5005, tcp/5006
nginx: tcp/5000
This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities leads to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device.
Severity: high
Fingerprint: 321975614123c6c05f83e99b1daaa3babaee656bbaee656bbaee656bbaee656b
Found HiSiliconDVR firmware: Hardware: General AHB7008T-GS-V3. Vulnerable to multiple issues: LFI, possibly RCE
Open service 122.117.208.23:5000
2024-04-25 15:41
HTTP/1.1 200 OK Server: nginx Date: Thu, 25 Apr 2024 15:41:32 GMT Content-Type: text/html; charset="UTF-8" Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Cache-control: no-store X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Security-Policy: base-uri 'self'; connect-src ws: wss: *; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com; form-action 'self'; frame-ancestors 'self' https://gofile.me http://gofile.me; frame-src 'self' data: blob: https://*.synology.com https://www.synology.cn/ http://*.synology.com http://*.synology.cn; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com; media-src 'self' data: about:; script-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://*.google.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; Page title: DSM mobile - DS218 <!DOCTYPE HTML> <html manifest=""> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"> <title>DSM mobile - DS218</title> <link href="/scripts/sencha-touch-2.4.1/resources/css/cupertino.css?v=25556" rel="stylesheet" type="text/css"> <link href="mobile/ui/style.css?v=25556" rel="stylesheet" type="text/css"> <link rel="shortcut icon" href="webman/favicon.ico?v=25556"> <script type="text/javascript" src="webapi/entry.cgi?api=SYNO.Core.Desktop.SessionData&version=1&method=getjs_mobile&SynoToken="></script> <script type="text/javascript" src="/scripts/sencha-touch-2.4.1/touch.js?v=25556"></script> <script src="webapi/entry.cgi?api=SYNO.Core.Desktop.JSUIString&version=1&method=getjs&lang=enu&v=25556"></script> <script src="webapi/entry.cgi?api=SYNO.Core.Desktop.UIString&version=1&method=getjs&lang=enu&v=25556"></script> <script src="webapi/entry.cgi?api=SYNO.Core.Desktop.Defs&version=1&method=getjs&v=25556&SynoToken="></script> <script type="text/javascript" src="mobile/ui/mobile.js?v=25556"></script> <script type="text/javascript" src="/synoSDSjslib/webapierrorcode.js?v=25556"></script> </head> <body class="syno-mobile-body"> <div class="x-mask x-loading-mask syno-mask" id="syno-mobile-preinit-mask" style="width:100%; height: 100%;"> <div class="syno-mask-ct" id="syno-mask-ct"> <div class="syno-mask-inner" id="syno-mask-loading"> <div class="syno-loading-icon"></div> <div class="syno-message x-mask-message syno-mask-message">Loading...</div> </div> <div id="syno-non-admin-redirect" style="visibility: hidden;"> <div class="syno-upper-part"><span id="syno-non-admin-redirect-desc"></span></div> <div class="syno-lower-part"><a id="syno-non-admin-redirect-button" class="x-syno-button" href="/?forceDesktop=2"></a></div> </div> </div> </div> </body> </html>
Open service 122.117.208.23:5005
2024-04-24 21:10
HTTP/1.1 404 Not Found Date: Wed, 24 Apr 2024 21:10:47 GMT Server: Apache Content-Length: 198 Connection: close Content-Type: text/html; charset=iso-8859-1 Page title: 404 Not Found <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL / was not found on this server.</p> </body></html>
Open service 122.117.208.23:5006
2024-04-24 08:16
HTTP/1.1 404 Not Found Date: Wed, 24 Apr 2024 08:16:29 GMT Server: Apache Content-Length: 198 Connection: close Content-Type: text/html; charset=iso-8859-1 Page title: 404 Not Found <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL / was not found on this server.</p> </body></html>
Open service 122.117.208.23:5000
2024-04-23 23:21
HTTP/1.1 200 OK Server: nginx Date: Tue, 23 Apr 2024 23:21:48 GMT Content-Type: text/html; charset="UTF-8" Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Cache-control: no-store X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" Content-Security-Policy: base-uri 'self'; connect-src ws: wss: *; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com; form-action 'self'; frame-ancestors 'self' https://gofile.me http://gofile.me; frame-src 'self' data: blob: https://*.synology.com https://www.synology.cn/ http://*.synology.com http://*.synology.cn; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com; media-src 'self' data: about:; script-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://*.google.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; Page title: DSM mobile - DS218 <!DOCTYPE HTML> <html manifest=""> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no"> <title>DSM mobile - DS218</title> <link href="/scripts/sencha-touch-2.4.1/resources/css/cupertino.css?v=25556" rel="stylesheet" type="text/css"> <link href="mobile/ui/style.css?v=25556" rel="stylesheet" type="text/css"> <link rel="shortcut icon" href="webman/favicon.ico?v=25556"> <script type="text/javascript" src="webapi/entry.cgi?api=SYNO.Core.Desktop.SessionData&version=1&method=getjs_mobile&SynoToken="></script> <script type="text/javascript" src="/scripts/sencha-touch-2.4.1/touch.js?v=25556"></script> <script src="webapi/entry.cgi?api=SYNO.Core.Desktop.JSUIString&version=1&method=getjs&lang=enu&v=25556"></script> <script src="webapi/entry.cgi?api=SYNO.Core.Desktop.UIString&version=1&method=getjs&lang=enu&v=25556"></script> <script src="webapi/entry.cgi?api=SYNO.Core.Desktop.Defs&version=1&method=getjs&v=25556&SynoToken="></script> <script type="text/javascript" src="mobile/ui/mobile.js?v=25556"></script> <script type="text/javascript" src="/synoSDSjslib/webapierrorcode.js?v=25556"></script> </head> <body class="syno-mobile-body"> <div class="x-mask x-loading-mask syno-mask" id="syno-mobile-preinit-mask" style="width:100%; height: 100%;"> <div class="syno-mask-ct" id="syno-mask-ct"> <div class="syno-mask-inner" id="syno-mask-loading"> <div class="syno-loading-icon"></div> <div class="syno-message x-mask-message syno-mask-message">Loading...</div> </div> <div id="syno-non-admin-redirect" style="visibility: hidden;"> <div class="syno-upper-part"><span id="syno-non-admin-redirect-desc"></span></div> <div class="syno-lower-part"><a id="syno-non-admin-redirect-button" class="x-syno-button" href="/?forceDesktop=2"></a></div> </div> </div> </div> </body> </html>
Open service 122.117.208.23:5005
2024-04-22 22:48
HTTP/1.1 404 Not Found Date: Mon, 22 Apr 2024 22:48:44 GMT Server: Apache Content-Length: 198 Connection: close Content-Type: text/html; charset=iso-8859-1 Page title: 404 Not Found <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL / was not found on this server.</p> </body></html>