UPnP 1.0
tcp/80
WebServer 1.0
tcp/80
This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b58badd15831c1d16831c1d16831c1d16831c1d16
Found HiSiliconDVR firmware: Hardware: General TVI3104_H Vulnerable to multiple issues : LFI, possibly RCE
Open service 188.225.208.61:80
2024-04-24 20:51
HTTP/1.1 303 See Other Location: http://188.225.208.61/login_security.html Content-Length: 0 X-Frame-Options: sameorigin Server: WebServer/1.0 UPnP/1.0 Connection: close EXT: