This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Found HiSiliconDVR firmware: Hardware: General MBD6016E-E Vulnerable to multiple issues : LFI, possibly RCE
Open service 126.96.36.199:80
Content-type: text/html Server: uc-httpd 1.0.0 Expires: 0 Page title: NETSurveillance WEB