This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities leads to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device.
Severity: high
Fingerprint: 321975614123c6c05f83e99b0731aca679766ae779766ae779766ae779766ae7
Found HiSiliconDVR firmware: Hardware: General AHB7804R-MH-V2 Vulnerable to multiple issues : LFI, possibly RCE
Open service 185.255.209.44:80
2024-08-17 21:20
HTTP/1.1 200 OK CONNECTION: keep-alive Date: Sun, 18 Aug 2024 00:20:23 GMT Last-Modified: Fri, 17 Jun 2022 15:20:39 GMT Etag: "1655479239:dd6" CONTENT-LENGTH: 3542 CACHE-CONTROL: max-age=0 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html
Open service 185.255.209.44:80
2024-08-15 21:47
HTTP/1.1 200 OK CONNECTION: keep-alive Date: Fri, 16 Aug 2024 00:46:43 GMT Last-Modified: Fri, 17 Jun 2022 15:20:39 GMT Etag: "1655479239:dd6" CONTENT-LENGTH: 3542 CACHE-CONTROL: max-age=0 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html
Open service 185.255.209.44:80
2024-08-13 21:36
HTTP/1.1 200 OK CONNECTION: keep-alive Date: Wed, 14 Aug 2024 00:36:08 GMT Last-Modified: Fri, 17 Jun 2022 15:20:39 GMT Etag: "1655479239:dd6" CONTENT-LENGTH: 3542 CACHE-CONTROL: max-age=0 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html
Open service 185.255.209.44:80
2024-08-11 21:13
HTTP/1.1 200 OK CONNECTION: keep-alive Date: Mon, 12 Aug 2024 00:12:59 GMT Last-Modified: Fri, 17 Jun 2022 15:20:39 GMT Etag: "1655479239:dd6" CONTENT-LENGTH: 3542 CACHE-CONTROL: max-age=0 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html
Open service 185.255.209.44:80
2024-08-09 21:52
HTTP/1.1 200 OK CONNECTION: keep-alive Date: Sat, 10 Aug 2024 00:52:12 GMT Last-Modified: Fri, 17 Jun 2022 15:20:39 GMT Etag: "1655479239:dd6" CONTENT-LENGTH: 3542 CACHE-CONTROL: max-age=0 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html