This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities leads to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device.
Severity: high
Fingerprint: 321975614123c6c05f83e99bf30ea5eb22cca46022cca46022cca46022cca460
Found HiSiliconDVR firmware: Hardware: General AHB7008T-MHV2 Vulnerable to multiple issues : LFI, possibly RCE
Open service 223.206.62.48:80
2024-09-12 01:25
HTTP/1.1 200 OK Date: Thu, 12 Sep 2024 08:25:19 GMT Content-Type: text/html; charset=utf-8 Content-Length: 1777 Connection: close Expires: Thu, 12 Sep 2024 08:25:18 GMT Cache-Control: no-cache X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cache-control: no-cache, no-store, max-age=0, must-revalidate pragma: no-cache X-Download-Options: noopen X-Permitted-Cross-Domain-Policies: master-only Referrer-Policy: no-referrer-when-downgrade Accept-Ranges: bytes <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=gbk" > <script language ="javascript "type ="text/javascript"> document.write('<script src="./js/jquery.js?'+new Date().getTime()+'"><'+'/'+'script>'); document.write('<script src="./js/xhr.js?'+new Date().getTime()+'"><'+'/'+'script>'); document.write('<script src="./js/versionControl.js?'+new Date().getTime()+'"><'+'/'+'script>'); document.write('<script src="./js/access.js?'+new Date().getTime()+'"><'+'/'+'script>'); </script> <script language="javascript"> function frmLoad() { XHR.get("get_operator", null, redirect); } function redirect(data) { var url = "html/login_inter.html"; if ( data != null && data != undefined && data.operators_code != null && data.operators_code != undefined ) { url = getAccessLoginPage(data.operators_code); } if(data.operator_name == "TH_3BB"){ url = "html/login_3bb.html"; } if(data.operator_name == "PH_PLDT"){ sessionStorage.setItem("fh_access", "0"); url = "html/login_pldt.html"; } if(data.operator_name == "BZ_TIM"){ url = "public/index.html"; } if(data.operator_name == "PLE_PALTEL"){ url = "html/login_paltel.html"; } if(data.operator_name == "TH_AIS"){ url = "html/login_ais.html"; } //ROM_RCSRDS/MAGYAR_4IG if(data.operator_name == "ROM_RCSRDS" ){ url = "html/login_romania.html"; } if(data.operator_name == "MAGYAR_4IG"){ url = 
"html/login_magyar.html"; } window.location.href = url; } </script> </head> <body onLoad='frmLoad();'> </body> </html>
Open service 223.206.62.48:23
2024-09-10 17:07
------acl IP:207.154.197.113 -------- Login: console is lock, please try again after 1 minute . Disconnected. Bye!