DNVRS-Webs
tcp/80
This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99bf30ea5eb22cca46022cca46022cca46022cca460
Found HiSiliconDVR firmware: Hardware: General AHB7008T-MHV2 Vulnerable to multiple issues : LFI, possibly RCE
Open service 27.75.138.121:80
2024-06-15 02:21
HTTP/1.1 200 OK Date: Sat, 15 Jun 2024 09:21:40 GMT Server: DNVRS-Webs ETag: "248-8ef-62d" Content-Length: 1581 Content-Type: text/html Connection: close Last-Modified: Wed, 15 Apr 2015 05:47:02 GMT Page title: index <!doctype html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache, must-revalidate"> <meta http-equiv="expires" content="0"> <title>index</title> <script> function initIndex() { if (navigator.appName == 'Netscape' || navigator.appName == "Opera") { var sysLanguage= navigator.language.toLowerCase(); } else { var sysLanguage= navigator.browserLanguage.toLowerCase(); } var szLanguage = sysLanguage.substring(0,2); if(szLanguage == "zh") { //中文需要区分简体和繁体 var arSysLan = sysLanguage.split("-"); if (arSysLan.length === 2) { var szLanguage = arSysLan[0].toLowerCase() + "_" + arSysLan[1].toUpperCase(); if(arSysLan[1].toLowerCase() === "cn") { $.cookie('language', 'zh'); } else { $.cookie('language', szLanguage); } } } else { $.cookie('language', szLanguage); } self.moveTo(0,0); //使其IE窗口最大化 self.resizeTo(screen.availWidth,screen.availHeight); $.cookie('updateTips', 'true'); window.location.href = "doc/page/login.asp"; } </script> </head> <body> <script type="text/javascript" src="doc/script/LAB.min.js"></script> <script> $LAB .script("doc/script/jquery-1.7.1.min.js").wait() .script("doc/script/jquery.cookie.js").wait() .script("doc/script/global_config.js?version=" + new Date()).wait(function () { initIndex(); }); </script> </body> </html>