This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b74b6d9e701d3b64c01d3b64c01d3b64c01d3b64c
Found HiSiliconDVR firmware: Hardware: General AHB7004T-MHV2 Vulnerable to multiple issues : LFI, possibly RCE
Open service 186.218.3.167:80
2023-01-08 03:59
Content-type: text/html Server: uc-httpd 1.0.0 Expires: 0 Page title: GIGA Security
Open service 186.218.3.167:80
2022-11-19 11:55
Content-type: text/html Server: uc-httpd 1.0.0 Expires: 0 Page title: GIGA Security
Open service 186.218.3.167:80
2022-12-14 20:11
Content-type: text/html Server: uc-httpd 1.0.0 Expires: 0 Page title: GIGA Security
Open service 186.218.3.167:80
2023-01-31 10:24
HTTP/1.0 200 OK Content-type: text/html Server: uc-httpd 1.0.0 Expires: 0 Page title: GIGA Security