This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b5b070eb1f17b1b12f17b1b12f17b1b12f17b1b12
Found HiSiliconDVR firmware: Hardware: General AHB70016T-MH-V2 Vulnerable to multiple issues : LFI, possibly RCE
.DS_Store” is an abbreviation for “Desktop Services Store”. These files are created automatically by Apples “Finder” software (which is part of their OS).
They store information about the files within a folder, including display options of folders, such as icon positions and view settings.
It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.
Severity: low
Fingerprint: 5f32cf5d6962f09c31c2f0b631c2f0b6b4a0b263a5f6f9a282a579a5fad5ea33
Found 28 files trough .DS_Store spidering: /#recycle /av_promotions_ltd-c.html /conferences-e.html /contact-c.html /contact.html /corporate-information-c.html /corporate-information.html /css /events-e.html /exhibitions-e.html /gallery-c.html /gallery-conference-c.html /gallery-event-c.html /gallery-exhibition-c.html /images /index.html /investor_relationship-c.html /investor_relationship-e.html /js /livestreaming-e.html /macao-light-festival.html /new_project-c.html /privacy-policy.html /robots.txt /sitemap.xml /thank.php /video /web_images