This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99bd495e52f84764f3484764f3484764f3484764f34
Found HiSiliconDVR firmware: Hardware: General RA50X20-C_64M Vulnerable to multiple issues : LFI, possibly RCE
Malicious users exploiting this vulnerability may be able to read and/or write information to shared directories.
This may also include IPC services and lead to remote code execution.
Severity: high
Fingerprint: 22420ce026fa767d3962741c23bfd32f75afa13eb25d195ea821ba6c221ed954
Found open SMB shares with Guest login ADMIN$ C$ D$ IPC$ Users