This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99be00d7104014dcbe9014dcbe9014dcbe9014dcbe9
Found HiSiliconDVR firmware: Hardware: General NBD6808T-PL Vulnerable to multiple issues : LFI, possibly RCE
Open service 41.35.89.68:80
2024-06-20 02:13
HTTP/1.1 200 OK CACHE-CONTROL: no-cache Date: Sat, 01 Jan 2000 11:23:21 GMT Connection: Keep-Alive Content-Type: text/html Content-Length: 10514