This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b0bed4eab8254eba08254eba08254eba08254eba0
Found HiSiliconDVR firmware: Hardware: General MBD6304T Vulnerable to multiple issues : LFI, possibly RCE
Open service 220.135.121.124:88
2024-09-12 02:42
HTTP/1.1 200 OK Content-type: text/html Content-Length: 1982 Connection: close <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title></title> <link rel="shortcut icon" type="image/x-icon" href="/favicon.ico" media="screen" /> </head> <body> <div class="loadingIndicator_bk"> </div> <div class="loadingIndicator_tip"> <div style="height: 300px;"> </div> <span class="msg_border"><span class="msg"></span></span> </div> <div id="InitialView" style="background: #fff center url(css/Pictures/initview.gif) no-repeat; width: 100%; height: 100%;"></div> <div id="BaseContent"> </div> <!--顶层浮动提示框--> <div id="topFloatMsg"> <div id="topFloatMsg_title"> </div> <div id="topFloatMsg_body"> <div id="topFloatMsg_icon"> </div> <div id="topFloatMsg_content"> </div> </div> <div id="topFloatMsg_bottom"> </div> </div> <iframe id="topFloatMsg_bk" scrolling="no" frameborder="0" src="about:blank"></iframe> <!--顶层滚动消息框--> <div id="topRollMsg"> <div id="topRollMsg_title"> <span lc="html" lk="IDCS_INFO_TIP"></span> <div id="topRollMsg_close"> </div> </div> <div id="topRollMsg_content"> </div> </div> <iframe id="topRollMsg_bk" width="100%" height="100%" scrolling="no" frameborder="0" src="about:blank"></iframe> <script language="javascript" for="VideoPlugin" event="NotifyResultToJs(strXMLFormat, lStrLen)"> VideoPluginNotify(strXMLFormat, lStrLen); </script> <script language="javascript" for="TimeSliderPlugin" event="NotifyResultToJs(strXMLFormat, lStrLen)"> TimeSliderPluginNotify(strXMLFormat, lStrLen); </script> <script data-main="js/index.js?v=20210528.01" src="js/lib/require.js" type="text/javascript"></script> </body> </html>
Open service 220.135.121.124:88
2024-08-17 19:55
HTTP/1.1 200 OK Content-type: text/html Content-Length: 1982 Connection: close <!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title></title> <link rel="shortcut icon" type="image/x-icon" href="/favicon.ico" media="screen" /> </head> <body> <div class="loadingIndicator_bk"> </div> <div class="loadingIndicator_tip"> <div style="height: 300px;"> </div> <span class="msg_border"><span class="msg"></span></span> </div> <div id="InitialView" style="background: #fff center url(css/Pictures/initview.gif) no-repeat; width: 100%; height: 100%;"></div> <div id="BaseContent"> </div> <!--顶层浮动提示框--> <div id="topFloatMsg"> <div id="topFloatMsg_title"> </div> <div id="topFloatMsg_body"> <div id="topFloatMsg_icon"> </div> <div id="topFloatMsg_content"> </div> </div> <div id="topFloatMsg_bottom"> </div> </div> <iframe id="topFloatMsg_bk" scrolling="no" frameborder="0" src="about:blank"></iframe> <!--顶层滚动消息框--> <div id="topRollMsg"> <div id="topRollMsg_title"> <span lc="html" lk="IDCS_INFO_TIP"></span> <div id="topRollMsg_close"> </div> </div> <div id="topRollMsg_content"> </div> </div> <iframe id="topRollMsg_bk" width="100%" height="100%" scrolling="no" frameborder="0" src="about:blank"></iframe> <script language="javascript" for="VideoPlugin" event="NotifyResultToJs(strXMLFormat, lStrLen)"> VideoPluginNotify(strXMLFormat, lStrLen); </script> <script language="javascript" for="TimeSliderPlugin" event="NotifyResultToJs(strXMLFormat, lStrLen)"> TimeSliderPluginNotify(strXMLFormat, lStrLen); </script> <script data-main="js/index.js?v=20210528.01" src="js/lib/require.js" type="text/javascript"></script> </body> </html>