Webs
tcp/82 tcp/85
web
tcp/84
This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99bcb8e72f6fc184637fc184637fc184637fc184637
Found HiSiliconDVR firmware: Hardware: General MBD6016E-E Vulnerable to multiple issues : LFI, possibly RCE
Open service 175.144.4.42:85
2024-05-31 16:04
HTTP/1.1 200 OK Date: Sat, 01 Jun 2024 00:04:32 GMT Server: Webs X-Frame-Options: SAMEORIGIN ETag: "0-12fd-1e0" Content-Length: 480 Content-Type: text/html Connection: close Last-Modified: Wed, 26 Dec 2018 02:26:27 GMT <!doctype html> <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" > <meta http-equiv="Pragma" content="no-cache" /> <meta http-equiv="Cache-Control" content="no-cache, must-revalidate" /> <meta http-equiv="Expires" content="0" /> </head> <body> </body> <script> window.location.href = "/doc/page/login.asp?_" + (new Date()).getTime(); </script> </html>
Open service 175.144.4.42:82
2024-05-30 20:26
HTTP/1.1 200 OK Date: Fri, 31 May 2024 04:26:32 GMT Server: Webs X-Frame-Options: SAMEORIGIN ETag: "0-12f2-1e0" Content-Length: 480 Content-Type: text/html Connection: close Last-Modified: Wed, 26 Dec 2018 02:26:27 GMT <!doctype html> <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" > <meta http-equiv="Pragma" content="no-cache" /> <meta http-equiv="Cache-Control" content="no-cache, must-revalidate" /> <meta http-equiv="Expires" content="0" /> </head> <body> </body> <script> window.location.href = "/doc/page/login.asp?_" + (new Date()).getTime(); </script> </html>
Open service 175.144.4.42:84
2024-05-30 02:52
HTTP/1.1 200 OK Date: Thu, 30 May 2024 10:51:53 GMT Server: web ETag: "0-ad5-1e0" Content-Length: 480 Content-Type: text/html Connection: close Last-Modified: Wed, 28 Feb 2018 07:09:56 GMT <!doctype html> <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" > <meta http-equiv="Pragma" content="no-cache" /> <meta http-equiv="Cache-Control" content="no-cache, must-revalidate" /> <meta http-equiv="Expires" content="0" /> </head> <body> </body> <script> window.location.href = "/doc/page/login.asp?_" + (new Date()).getTime(); </script> </html>
Open service 175.144.4.42:85
2024-05-28 00:16
HTTP/1.1 200 OK Date: Tue, 28 May 2024 08:14:55 GMT Server: Webs X-Frame-Options: SAMEORIGIN ETag: "0-12fd-1e0" Content-Length: 480 Content-Type: text/html Connection: close Last-Modified: Wed, 26 Dec 2018 02:26:27 GMT <!doctype html> <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" > <meta http-equiv="Pragma" content="no-cache" /> <meta http-equiv="Cache-Control" content="no-cache, must-revalidate" /> <meta http-equiv="Expires" content="0" /> </head> <body> </body> <script> window.location.href = "/doc/page/login.asp?_" + (new Date()).getTime(); </script> </html>
Open service 175.144.4.42:82
2024-05-27 17:45
HTTP/1.1 200 OK Date: Tue, 28 May 2024 01:45:31 GMT Server: Webs X-Frame-Options: SAMEORIGIN ETag: "0-12f2-1e0" Content-Length: 480 Content-Type: text/html Connection: close Last-Modified: Wed, 26 Dec 2018 02:26:27 GMT <!doctype html> <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" > <meta http-equiv="Pragma" content="no-cache" /> <meta http-equiv="Cache-Control" content="no-cache, must-revalidate" /> <meta http-equiv="Expires" content="0" /> </head> <body> </body> <script> window.location.href = "/doc/page/login.asp?_" + (new Date()).getTime(); </script> </html>