pve-api-daemon 3.0
tcp/8006
This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar systems on a chip (SoCs).
Exploiting the vulnerabilities leads to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device.
Severity: high
Fingerprint: 321975614123c6c05f83e99b0bed4eab8254eba08254eba08254eba08254eba0
Found HiSiliconDVR firmware: Hardware: General MBD6304T Vulnerable to multiple issues : LFI, possibly RCE
Open service 42.115.78.166:8006
2024-06-21 06:13
HTTP/1.1 200 OK
Cache-Control: max-age=0
Connection: close
Date: Fri, 21 Jun 2024 06:13:30 GMT
Pragma: no-cache
Server: pve-api-daemon/3.0
Content-Length: 1100
Content-Type: text/html; charset=utf-8
Expires: Fri, 21 Jun 2024 06:13:30 GMT

Page title: icareviet - Proxmox Virtual Environment

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>icareviet - Proxmox Virtual Environment</title>
<link rel="icon" sizes="128x128" href="/pve2/images/logo-128.png" />
<link rel="apple-touch-icon" sizes="128x128" href="/pve2/images/logo-128.png" />
<link rel="stylesheet" type="text/css" href="/pve2/sencha-touch/resources/css/sencha-touch.css" />
<link rel="stylesheet" type="text/css" href="/pve2/touch/pve.css?ver=8.0.9" />
<script type="text/javascript">function gettext(buf) { return buf; }</script>
<script type="text/javascript"> Proxmox = { Setup: { auth_cookie_name: 'PVEAuthCookie' }, UserName: '[ % username %]', CSRFPreventionToken: 'null' }; </script>
<script type="text/javascript" src="/pve2/sencha-touch/sencha-touch-all.js"></script>
<script type="text/javascript" src="/pve2/touch/pvemanager-mobile.js?ver=8.0.9"></script>
<script type="text/javascript"> if (typeof(PVE) === 'undefined') PVE = {}; </script>
</head>
<body>
</body>
</html>