This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b2614d7eadcfbe2dbdcfbe2dbdcfbe2dbdcfbe2db
Found HiSiliconDVR firmware: Hardware: General NBD6804T-F Vulnerable to multiple issues : LFI, possibly RCE
Open service 42.118.167.197:443
2024-06-14 20:52
HTTP/1.0 302 Found Pragma: no-cache Location: /weblogin.htm Content-type: text/html Page title: 302 Document moved <html> <head> <title>302 Document moved</title> </head> <body> This document has moved <A HREF="/weblogin.htm">here</A>.<P> </body> </html>