This vulnerability (with proof-of-concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar systems on a chip (SoCs).
Exploiting the vulnerabilities leads to unauthorized remote code execution (RCE) using only the web interface, resulting in full takeover of the exploited device.
Severity: high
Fingerprint: 321975614123c6c05f83e99b74b6d9e701d3b64c01d3b64c01d3b64c01d3b64c
Found HiSiliconDVR firmware: Hardware: General AHB7004T-MHV2 Vulnerable to multiple issues : LFI, possibly RCE
Severity: high
Fingerprint: 321975614123c6c05f83e99b0bed4eab8254eba08254eba08254eba08254eba0
Found HiSiliconDVR firmware: Hardware: General MBD6304T Vulnerable to multiple issues : LFI, possibly RCE
Open service 27.74.117.8:80
2024-09-11 03:17
HTTP/1.1 302 Moved Temporarily
Connection: close
Cache-Control: no-cache,no-store
Pragma: no-cache
Content-Length: 793
Set-Cookie: SID=7a6e9c03b622ad317c1803e6062107e1610ef6c7e13244b246ed47799a08674a; PATH=/; HttpOnly; SameSite=strict
Server:
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' data:
X-Frame-Options: SAMEORIGIN
Location: https://27.74.117.8:443/
Content-Type: text/html; charset=utf-8
Page title: 302 Found
Open service 27.74.117.8:443
2024-09-09 15:59
HTTP/1.1 200 OK
Connection: close
Cache-Control: no-cache,no-store
Pragma: no-cache
Content-Length: 143166
Set-Cookie: SID_HTTPS_=acbbd080d9c88c5799c7131d789cdc99f2ce6a47b755aa34766ee60411309751; PATH=/; Secure; HttpOnly; SameSite=strict
Set-Cookie: _TESTCOOKIESUPPORT_HTTPS_=1; PATH=/; Secure; HttpOnly; SameSite=strict
Server:
Accept-Ranges: bytes
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' data:
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Page title: F670Y