DNVRS-Webs
tcp/82
This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b0bed4eab8254eba08254eba08254eba08254eba0
Found HiSiliconDVR firmware: Hardware: General MBD6304T Vulnerable to multiple issues : LFI, possibly RCE
Open service 42.119.42.164:82
2024-06-22 12:19
HTTP/1.1 200 OK Date: Sat, 22 Jun 2024 19:20:01 GMT Server: DNVRS-Webs ETag: "0-846-1e0" Content-Length: 480 Content-Type: text/html Connection: close Last-Modified: Mon, 07 Sep 2015 06:31:21 GMT <!doctype html> <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" > <meta http-equiv="Pragma" content="no-cache" /> <meta http-equiv="Cache-Control" content="no-cache, must-revalidate" /> <meta http-equiv="Expires" content="0" /> </head> <body> </body> <script> window.location.href = "/doc/page/login.asp?_" + (new Date()).getTime(); </script> </html>
Open service 42.119.42.164:81
2024-06-20 17:48
HTTP/1.1 200 OK Vary: Accept-Encoding X-Frame-Options: SAMEORIGIN Content-Type: text/html X-Content-Type-Options: nosniff Date: Fri, 21 Jun 2024 00:49:03 GMT ETag: 1718706801 Content-Length: 481 X-XSS-Protection: 1; mode=block Last-Modified: Wed, 29 Dec 2021 02:42:42 GMT Connection: close Accept-Ranges: bytes <!doctype html> <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" > <meta http-equiv="Pragma" content="no-cache" /> <meta http-equiv="Cache-Control" content="no-cache, must-revalidate" /> <meta http-equiv="Expires" content="0" /> </head> <body> </body> <script> window.location.href = "./doc/page/login.asp?_" + (new Date()).getTime(); </script> </html>
Open service 42.119.42.164:80
2024-06-20 07:42
HTTP/1.1 200 OK Vary: Accept-Encoding X-Frame-Options: SAMEORIGIN Content-Type: text/html X-Content-Type-Options: nosniff Date: Thu, 20 Jun 2024 14:42:54 GMT ETag: 1718706801 Content-Length: 481 X-XSS-Protection: 1; mode=block Last-Modified: Wed, 29 Dec 2021 02:42:42 GMT Connection: close Accept-Ranges: bytes <!doctype html> <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" > <meta http-equiv="Pragma" content="no-cache" /> <meta http-equiv="Cache-Control" content="no-cache, must-revalidate" /> <meta http-equiv="Expires" content="0" /> </head> <body> </body> <script> window.location.href = "./doc/page/login.asp?_" + (new Date()).getTime(); </script> </html>