Nginx
tcp/443
This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b997241482d83fded2d83fded2d83fded2d83fded
Found HiSiliconDVR firmware: Hardware: General AHB8004T-GL Vulnerable to multiple issues : LFI, possibly RCE
Open service 211.252.58.18:443
2024-04-23 03:50
HTTP/1.1 302 Moved Temporarily Date: Tue, 23 Apr 2024 03:50:32 GMT Content-Type: text/html Content-Length: 138 Connection: close Server: Nginx Expires: 0 Pragma: no-cache Cache-Control: no-cache X-LANG: 1 X-Timezone: 0800 X-Timestamp: 1713844232 X-Arch: x86 X-Sysbit: x64 X-Enterprise: 0 X-Support-i18n: 0 X-Support-wifi: 0 Location: /login Page title: 302 Found <html> <head><title>302 Found</title></head> <body> <center><h1>302 Found</h1></center> <hr><center>Nginx</center> </body> </html>