This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b651b0155e8c665d6e8c665d6e8c665d6e8c665d6
Found HiSiliconDVR firmware: Hardware: General AHB7032F-LM-V2 Vulnerable to multiple issues : LFI, possibly RCE
Open service 177.39.222.150:8000
2024-09-15 23:45
HTTP/1.0 200 OK Content-type: application/binary Server: uc-httpd 1.0.0 Expires: 0 Page title: 404 File Not Found <html><head><title>404 File Not Found</title></head> <body>The requested URL was not found on this server</body></html>
Open service 177.39.222.150:8000
2024-09-13 23:29
HTTP/1.0 200 OK Content-type: application/binary Server: uc-httpd 1.0.0 Expires: 0 Page title: 404 File Not Found <html><head><title>404 File Not Found</title></head> <body>The requested URL was not found on this server</body></html>
Open service 177.39.222.150:8000
2024-09-12 05:44
HTTP/1.0 200 OK Content-type: application/binary Server: uc-httpd 1.0.0 Expires: 0 Page title: 404 File Not Found <html><head><title>404 File Not Found</title></head> <body>The requested URL was not found on this server</body></html>
Open service 177.39.222.150:8000
2024-09-11 20:39
HTTP/1.0 200 OK Content-type: application/binary Server: uc-httpd 1.0.0 Expires: 0 Page title: 404 File Not Found <html><head><title>404 File Not Found</title></head> <body>The requested URL was not found on this server</body></html>
Open service 177.39.222.150:8002
2024-09-11 14:38
HTTP/1.1 200 OK Vary: Accept-Encoding X-Frame-Options: SAMEORIGIN Content-Type: text/html X-Content-Type-Options: nosniff Date: Wed, 11 Sep 2024 11:38:14 GMT ETag: 1724337133 Content-Length: 481 X-XSS-Protection: 1; mode=block Last-Modified: Wed, 12 Oct 2022 10:45:46 GMT Connection: close Accept-Ranges: bytes <!doctype html> <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" > <meta http-equiv="Pragma" content="no-cache" /> <meta http-equiv="Cache-Control" content="no-cache, must-revalidate" /> <meta http-equiv="Expires" content="0" /> </head> <body> </body> <script> window.location.href = "./doc/page/login.asp?_" + (new Date()).getTime(); </script> </html>
Open service 177.39.222.150:8004
2024-09-11 11:52
RTSP/1.0 400 Bad Request
Open service 177.39.222.150:8004
2024-09-11 11:52
RTSP/1.0 400 Bad Request
Open service 177.39.222.150:8000
2024-09-09 23:41
HTTP/1.0 200 OK Content-type: application/binary Server: uc-httpd 1.0.0 Expires: 0 Page title: 404 File Not Found <html><head><title>404 File Not Found</title></head> <body>The requested URL was not found on this server</body></html>
Open service 177.39.222.150:8000
2024-09-07 22:04
HTTP/1.0 200 OK Content-type: application/binary Server: uc-httpd 1.0.0 Expires: 0 Page title: 404 File Not Found <html><head><title>404 File Not Found</title></head> <body>The requested URL was not found on this server</body></html>
Open service 177.39.222.150:8000
2024-08-17 20:46
HTTP/1.0 200 OK Content-type: application/binary Server: uc-httpd 1.0.0 Expires: 0 Page title: 404 File Not Found <html><head><title>404 File Not Found</title></head> <body>The requested URL was not found on this server</body></html>
Open service 177.39.222.150:8000
2024-08-15 20:56
HTTP/1.0 200 OK Content-type: application/binary Server: uc-httpd 1.0.0 Expires: 0 Page title: 404 File Not Found <html><head><title>404 File Not Found</title></head> <body>The requested URL was not found on this server</body></html>
Open service 177.39.222.150:8000
2024-08-13 22:46
HTTP/1.0 200 OK Content-type: application/binary Server: uc-httpd 1.0.0 Expires: 0 Page title: 404 File Not Found <html><head><title>404 File Not Found</title></head> <body>The requested URL was not found on this server</body></html>
Open service 177.39.222.150:8000
2024-08-11 23:18
HTTP/1.0 200 OK Content-type: application/binary Server: uc-httpd 1.0.0 Expires: 0 Page title: 404 File Not Found <html><head><title>404 File Not Found</title></head> <body>The requested URL was not found on this server</body></html>
Open service 177.39.222.150:8000
2024-08-09 21:04
HTTP/1.0 200 OK Content-type: application/binary Server: uc-httpd 1.0.0 Expires: 0 Page title: 404 File Not Found <html><head><title>404 File Not Found</title></head> <body>The requested URL was not found on this server</body></html>
Open service 177.39.222.150:8000
2024-08-07 19:59
HTTP/1.0 200 OK Content-type: application/binary Server: uc-httpd 1.0.0 Expires: 0 Page title: 404 File Not Found <html><head><title>404 File Not Found</title></head> <body>The requested URL was not found on this server</body></html>