This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b50b5542628c8f96728c8f96728c8f96728c8f967
Found HiSiliconDVR firmware: Hardware: General AHB7004T-LME-V3 Vulnerable to multiple issues : LFI, possibly RCE
Open service 123.21.140.175:443
2024-09-11 17:02
HTTP/1.0 401 Unauthorized Date: Thu, 12 Sep 2024 00:02:29 GMT Content-Type: text/html; charset=gb2312 Set-Cookie: SESSIONID=664f5a4e;md5=del;base64=del;path=/cgi-bin Page title: Login <HTML><HEAD><TITLE>Login</TITLE><script language=javascript>top.location.replace("/cgi-bin/login.asp");</script></HEAD><body></body></HTML>