uc-httpd 1.0.0
tcp/80
This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b9ef7d2d583a0925683a0925683a0925683a09256
Found HiSiliconDVR firmware: Hardware: General TVI9708H_H Vulnerable to multiple issues : LFI, possibly RCE
Open service 179.105.61.59:80
2022-12-13 02:13
Content-type: text/html Server: uc-httpd/1.0.0 Cache-Control: max-age=2592000 Connection: Close Page title: Web Client
Open service 179.105.61.59:80
2022-12-08 00:07
Content-type: text/html Server: uc-httpd/1.0.0 Cache-Control: max-age=2592000 Connection: Close Page title: Web Client