LeakIX - Host 31.16.127.10

Host 31.16.127.10

Germany

Vodafone GmbH

Vulnerable HiSilicon family DVR

This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).

Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device

IP: 31.16.127.10
Port: 80
URL: http://31.16.127.10

First seen 2023-10-06 01:37
Last seen 2024-09-17 23:25
Open for 347 days
- Severity: high
  Fingerprint: 321975614123c6c05f83e99b74b6d9e701d3b64c01d3b64c01d3b64c01d3b64c
```
Found HiSiliconDVR firmware:
Hardware: General AHB7004T-MHV2
Vulnerable to multiple issues : LFI, possibly RCE
```
  Found on 2024-09-17 23:25
Create report

2024-09-29 20:27

HTTP/1.0 200 OK
Content-type: application/binary
Server: uc-httpd 1.0.0
Expires: 0

Page title: 404 File Not Found

<html><head><title>404 File Not Found</title></head>
<body>The requested URL was not found on this server</body></html>

Found 2024-09-29 by HttpPlugin

Create report

Open service 31.16.127.10:80

2024-09-27 20:18

HTTP/1.0 200 OK
Content-type: text/html
Server: uc-httpd 1.0.0
Expires: 0

Page title: NETSurveillance WEB

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <link rel="stylesheet" type="text/css" media="screen" href="m.css" />
    
    <title>NETSurveillance WEB</title>
    
    <!-- m.js -->

    <script type="text/javascript" language="JavaScript">
	if(navigator.userAgent.indexOf('IE') < 0)
	{
		var userAgent = navigator.userAgent,   
                rMsie = /(msie\s|trident.*rv:)([\w.]+)/,   
                rFirefox = /(firefox)\/([\w.]+)/,   
                rOpera = /(opera).+version\/([\w.]+)/,   
                rChrome = /(chrome)\/([\w.]+)/,   
                rSafari = /version\/([\w.]+).*(safari)/;
		var browserMatch = uaMatch(userAgent.toLowerCase());
		 
		if(browserMatch.browser!="IE")
		{
		     location="Login.htm";
		}
		
	}
	
	function uaMatch(ua) {  
                    var match = rMsie.exec(ua);
		      
                    if (match != null) {  
                        return { browser : "IE", version : match[2] || "0" };  
                   }  
                    var match = rFirefox.exec(ua);  
                   if (match != null) {  
                       return { browser : match[1] || "", version : match[2] || "0" };  
                    }  
                    var match = rOpera.exec(ua);  
                    if (match != null) {  
                       return { browser : match[1] || "", version : match[2] || "0" };  
                    }  
                   var match = rChrome.exec(ua);  
                   if (match != null) {  
                       return { browser : match[1] || "", version : match[2] || "0" };  
                   }  
                    var match = rSafari.exec(ua);  
                    if (match != null) {  
                       return { browser : match[2] || "", version : match[1] || "0" };  
                    }  
                  if (match != null) {  
                        return { browser : "", version : "0" };  
                   }  
               }  
    </script>

    <script type="text/javascript">//m.js
     var ipaddress =document.location.hostname;
if (ipaddress == "")
{
	//ipaddress = "10.10.39.38";
//	ipaddress = "10.2.2.88";
}
var hostport=34567;
var iLanguage=108;
	var numLanguage;
	var DownLoadAddr="";
	</script>
	<script type="text/javascript" src="m.jsp"></script>
	<script type="text/javascript" src="config.js"></script>

    <!-- 全局变量 -->

    <script type="text/javascript">
var gExitChannel=new Array();
var gExitSubType=new Array();
var gexiti;
var gcid=-1;
var g_channelNum=4;
var g_digitalChannel=0;
var gsld;
var gslda;
var gsldb;
var gsldc;
var gsldd;
var gfmu1=0;
var gfmu2=0;
var gfmu3=0;
var g_bRecord=false;
var g_bRealPlay=false;
var g_bAudio=false;
var g_bQS=false;
var g_bClose=false;
var gHashCookie = new Hash.Cookie('NetSuveillanceWebCookie',{duration: 30});
var settings = {
	username:'',
	ocxlanguage:''
	}
var gca=0;
var gcb=0;
var gcc=0;
var gcd=0;
var gAutoPlayAll=false;
   

    </script>

    <!-- 颜色滑块 -->

    <script type="text/javascript">
function sldtopos(sld,step){
	sld.knob.setStyle('left', sld.toPosition(step));
}
function setcolorsv(f,v){
		switch (f)
		{
			case 1: gca=v;
					$('ska').title=v;
					break;
			case 2: gcb=v;
					$('skb').title=v;
					break;
			case 3: gcc=v;
					$('skc').title=v;
					break;
			case 4: gcd=v;
					$('skd').title=v;
					break;
		}	
}
function getcolors(){
	var colors="";
	colors=ocx.GetColor();
	
	var t= new Array();
	if (colors !="")
	{
		t=colors.split(',');
	sldtopos(gslda,parseInt(t[0]));
	sldtopos(gsldb,parseInt(t[1]));
	sldtopos(gsldc,parseInt(t[2]));
	sldtopos(gsldd,parseInt(t[3]));
	setcolorsv(1,parseInt(t[0]));
	setcolorsv(2,parseInt(t[1]));
	setcolorsv(3,parseInt(t[2]));
	setcolorsv(4,parseInt(t[3]));
	}
	el

Found 2024-09-27 by HttpPlugin

Create report

Domain summary

No record

Host 31.16.127.10

Germany

Vulnerable HiSilicon family DVR

Create report

Create report

Domain summary