Boa 0.93.15
tcp/80
This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b5b070eb1f17b1b12f17b1b12f17b1b12f17b1b12
Found HiSiliconDVR firmware: Hardware: General AHB70016T-MH-V2 Vulnerable to multiple issues : LFI, possibly RCE
Open service 178.160.241.105:80
2024-03-01 01:53
HTTP/1.0 302 Moved Temporarily Date: Fri, 02 Jan 1970 12:43:47 GMT Server: Boa/0.93.15 Connection: close Content-Type: text/html Location: /admin/login.asp Page title: 302 Moved Temporarily <HTML><HEAD><TITLE>302 Moved Temporarily</TITLE></HEAD> <BODY> <H1>302 Moved</H1>The document has moved <A HREF="/admin/login.asp">here</A>. </BODY></HTML>