This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99bf30ea5eb22cca46022cca46022cca46022cca460
Found HiSiliconDVR firmware: Hardware: General AHB7008T-MHV2 Vulnerable to multiple issues : LFI, possibly RCE
Open service 46.175.184.161:81
2024-09-15 19:59
HTTP/1.0 200 OK Content-type: application/binary Server: uc-httpd 1.0.0 Expires: 0 Page title: 404 File Not Found <html><head><title>404 File Not Found</title></head> <body>The requested URL was not found on this server</body></html>
Open service 46.175.184.161:81
2024-09-13 19:59
HTTP/1.0 200 OK Content-type: application/binary Server: uc-httpd 1.0.0 Expires: 0 Page title: 404 File Not Found <html><head><title>404 File Not Found</title></head> <body>The requested URL was not found on this server</body></html>
Open service 46.175.184.161:81
2024-09-11 20:19
HTTP/1.0 200 OK Content-type: application/binary Server: uc-httpd 1.0.0 Expires: 0 Page title: 404 File Not Found <html><head><title>404 File Not Found</title></head> <body>The requested URL was not found on this server</body></html>
Open service 46.175.184.161:80
2024-09-10 04:18
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Content-Length: 18127 Connection: close <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <META http-equiv=Content-Type content="text/html; charset=utf-8" /> <META http-equiv=Pragma content=no-cache> <META http-equiv=Expires content=0> <style type="text/css"> body{ font-family:Arial, sans-serief; background-color:#FFFFFF; margin:0px; padding:0px; } div.loginBox { /*display: block;*/ position:relative; margin-top:10%; text-align:center; } .nd { display: none !important; } .noteDiv{ color:gray; font-family:Arial; width:395px; text-align:left; margin:0px auto; font-size:14px; } #note{ /*display:inline-block;*/ vertical-align:top; _display:inline; _zoom:1; width:50px; font-weight:bold; } #tip{ display:inline-block; vertical-align:top; _display:inline; _zoom:1; width:340px; font-weight:bold; } div.panelThre{ margin-top:10px; } div.picDiv{ width:395px; height:276px; /*background:url(../login/loginbg.png);*/ position:relative; } input.pcPassword{ width:300px; height:50px; line-height:50px; padding-left:20px; } div.PCBtnDiv{ position:relative; margin-top:20px; } img.logoPic{ width:100%; } #copyright{ -webkit-text-size-adjust:none; font-size:8px; color:#6a6969; font-family:"Verdana"; font-weight:normal; margin-top:40px; display:inline-block; } .topLogo{ background-color: #4ACBD6; height:96px; overflow: hidden; } tr{ vertical-align: top; } .topLogo td a img{ margin:27px 0 0 25px; } .topLogo td.last-td img{ float: right; margin-right: 14px; opacity: 0.3; filter:alpha(opacity=30); } ul{ padding:60px 0px 0px 0px; margin:0px; list-style:none; } ul li{ height:32px; width:250px; text-align: left; } li.unLi{ /*background:url(../login/loginUser.png);*/ background:url(../img/login/input-box.png); } li.pwLi{ /*background:url(../login/loginPwd.png);*/ background:url(../img/login/input-box.png); } li.blank{ height:8px; } input.text{ border:0px; height:32px; line-height:32px; width:175px; padding:0px; /*margin-left: 39px;*/ font-size:14px; color:#A7A9AC; font-family:"Arial","Verdana"; font-weight:normal; background-color: transparent; vertical-align: top; } input.text:focus{ outline: none; } label.loginBtn{ height:32px; display:inline-block; width:250px; margin-top:8px; line-height: 32px; color: #FFFFFF; font-size:18px; font-family: Arial; /*background:url(../img/login/loginButton.png);*/ background-color:#4ACBD6; border-radius:5px; cursor:pointer; } li img{ line-height: 40px; margin: 9px 6px 9px 9px; } iframe#top{ width:100%; height:96px; border: none; display: block; } html{ overflow: hidden; } table,tr,td{ padding: 0; } td { font-family:"Times New Roman", "ËÎÌå"; font-size: 12px; } form { font-family:"Times New Roman", "ËÎÌå"; font-size: 12px; } /* body { font-family:"Arial Black", "ºÚÌå"; font-size: 16px; background: #4ACBD6 } */ .style1 { font-family:Arial; color: #FFFFFF; font-size: 18px; padding-right: 50; text-align: left; font-weight: bold; white-space: nowrap; } .style2 { font-size: 14px; font-family:Arial; font-weight: bold; padding-right: 50; text-align: left; white-space: nowrap; color: #FFFFFF; } tr{ vertical-align: top; } #first-td{ width:234px; } #first-td img { margin:27px 0 0 25px; cursor: pointer; } #second-td { padding-top: 25px; } #third-td img { float:right; opacity: 0.3; filter\0: alpha(opacity=30); margin-right: 14px; } input[type="text"]::-ms-clear, input[type='password']::-ms-reveal{ display:non
Open service 46.175.184.161:81
2024-09-09 19:56
HTTP/1.0 200 OK Content-type: application/binary Server: uc-httpd 1.0.0 Expires: 0 Page title: 404 File Not Found <html><head><title>404 File Not Found</title></head> <body>The requested URL was not found on this server</body></html>
Open service 46.175.184.161:81
2024-09-07 19:55
HTTP/1.0 200 OK Content-type: application/binary Server: uc-httpd 1.0.0 Expires: 0 Page title: 404 File Not Found <html><head><title>404 File Not Found</title></head> <body>The requested URL was not found on this server</body></html>
Open service 46.175.184.161:81
2024-08-11 21:38
HTTP/1.0 200 OK Content-type: text/html Server: uc-httpd 1.0.0 Expires: 0 Page title: NETSurveillance WEB <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge"/> <link rel="stylesheet" type="text/css" media="screen" href="m.css" /> <title>NETSurveillance WEB</title> <!-- m.js --> <script type="text/javascript" language="JavaScript"> var ShowTipFlag=1; if(navigator.userAgent.indexOf('IE') < 0) { var userAgent = navigator.userAgent, rMsie = /(msie\s|trident.*rv:)([\w.]+)/, rFirefox = /(firefox)\/([\w.]+)/, rOpera = /(opera).+version\/([\w.]+)/, rChrome = /(chrome)\/([\w.]+)/, rSafari = /version\/([\w.]+).*(safari)/; var browserMatch = uaMatch(userAgent.toLowerCase()); if(browserMatch.browser!="IE") { location="Login.htm"; } } function reminder() { var nSel=$('langlist').selectedIndex; var cLanguage; switch(nSel) { case 0: cLanguage="English"; break; case 1: cLanguage="French"; break; case 2: cLanguage="Hungarian"; break; case 3: cLanguage="Italian"; break; case 4: cLanguage="Japanese"; break; case 5: cLanguage="Portugal"; break; case 6: cLanguage="Russian"; break; case 7: cLanguage="SimpChinese"; break; case 8: cLanguage="Spanish"; break; case 9: cLanguage="TradChinese"; break; case 10: cLanguage="German"; break; case 11: cLanguage="Poland"; break; case 12: cLanguage="Turkey"; break; case 13: cLanguage="Romanian"; break; case 14: cLanguage="Suomi"; break; case 15: cLanguage="Korean"; break; case 16: cLanguage="Farsi"; break; case 17: cLanguage="Thai"; break; case 18: cLanguage="Greek"; break; case 19: cLanguage="Vietnamese"; break; case 20: cLanguage="Brazilian"; break; case 21: cLanguage="Hebrew"; break; case 22: cLanguage="Arabic"; break; case 23: cLanguage="Bulgarian"; break; case 24: cLanguage="Czech"; break; case 25: cLanguage="Azerbaycan"; break; default: cLanguage="English"; break; } if(2==ShowTipFlag) { switch(nSel) { case 0: cLanguage="English"; alert("Please set the encrypted problem!"); break; case 7: cLanguage="SimpChinese"; alert("请先设置密保问题!"); break; default: cLanguage="English"; alert("Please set the encrypted problem!"); break; } } else { location="reminder.html?cLanguage="+cLanguage; } } function uaMatch(ua) { var match = rMsie.exec(ua); if (match != null) { return { browser : "IE", version : match[2] || "0" }; } var match = rFirefox.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; }
Open service 46.175.184.161:81
2024-08-09 22:32
HTTP/1.0 200 OK Content-type: text/html Server: uc-httpd 1.0.0 Expires: 0 Page title: NETSurveillance WEB <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge"/> <link rel="stylesheet" type="text/css" media="screen" href="m.css" /> <title>NETSurveillance WEB</title> <!-- m.js --> <script type="text/javascript" language="JavaScript"> var ShowTipFlag=1; if(navigator.userAgent.indexOf('IE') < 0) { var userAgent = navigator.userAgent, rMsie = /(msie\s|trident.*rv:)([\w.]+)/, rFirefox = /(firefox)\/([\w.]+)/, rOpera = /(opera).+version\/([\w.]+)/, rChrome = /(chrome)\/([\w.]+)/, rSafari = /version\/([\w.]+).*(safari)/; var browserMatch = uaMatch(userAgent.toLowerCase()); if(browserMatch.browser!="IE") { location="Login.htm"; } } function reminder() { var nSel=$('langlist').selectedIndex; var cLanguage; switch(nSel) { case 0: cLanguage="English"; break; case 1: cLanguage="French"; break; case 2: cLanguage="Hungarian"; break; case 3: cLanguage="Italian"; break; case 4: cLanguage="Japanese"; break; case 5: cLanguage="Portugal"; break; case 6: cLanguage="Russian"; break; case 7: cLanguage="SimpChinese"; break; case 8: cLanguage="Spanish"; break; case 9: cLanguage="TradChinese"; break; case 10: cLanguage="German"; break; case 11: cLanguage="Poland"; break; case 12: cLanguage="Turkey"; break; case 13: cLanguage="Romanian"; break; case 14: cLanguage="Suomi"; break; case 15: cLanguage="Korean"; break; case 16: cLanguage="Farsi"; break; case 17: cLanguage="Thai"; break; case 18: cLanguage="Greek"; break; case 19: cLanguage="Vietnamese"; break; case 20: cLanguage="Brazilian"; break; case 21: cLanguage="Hebrew"; break; case 22: cLanguage="Arabic"; break; case 23: cLanguage="Bulgarian"; break; case 24: cLanguage="Czech"; break; case 25: cLanguage="Azerbaycan"; break; default: cLanguage="English"; break; } if(2==ShowTipFlag) { switch(nSel) { case 0: cLanguage="English"; alert("Please set the encrypted problem!"); break; case 7: cLanguage="SimpChinese"; alert("请先设置密保问题!"); break; default: cLanguage="English"; alert("Please set the encrypted problem!"); break; } } else { location="reminder.html?cLanguage="+cLanguage; } } function uaMatch(ua) { var match = rMsie.exec(ua); if (match != null) { return { browser : "IE", version : match[2] || "0" }; } var match = rFirefox.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; }
Open service 46.175.184.161:81
2024-08-07 21:36
HTTP/1.0 200 OK Content-type: text/html Server: uc-httpd 1.0.0 Expires: 0 Page title: NETSurveillance WEB <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge"/> <link rel="stylesheet" type="text/css" media="screen" href="m.css" /> <title>NETSurveillance WEB</title> <!-- m.js --> <script type="text/javascript" language="JavaScript"> var ShowTipFlag=1; if(navigator.userAgent.indexOf('IE') < 0) { var userAgent = navigator.userAgent, rMsie = /(msie\s|trident.*rv:)([\w.]+)/, rFirefox = /(firefox)\/([\w.]+)/, rOpera = /(opera).+version\/([\w.]+)/, rChrome = /(chrome)\/([\w.]+)/, rSafari = /version\/([\w.]+).*(safari)/; var browserMatch = uaMatch(userAgent.toLowerCase()); if(browserMatch.browser!="IE") { location="Login.htm"; } } function reminder() { var nSel=$('langlist').selectedIndex; var cLanguage; switch(nSel) { case 0: cLanguage="English"; break; case 1: cLanguage="French"; break; case 2: cLanguage="Hungarian"; break; case 3: cLanguage="Italian"; break; case 4: cLanguage="Japanese"; break; case 5: cLanguage="Portugal"; break; case 6: cLanguage="Russian"; break; case 7: cLanguage="SimpChinese"; break; case 8: cLanguage="Spanish"; break; case 9: cLanguage="TradChinese"; break; case 10: cLanguage="German"; break; case 11: cLanguage="Poland"; break; case 12: cLanguage="Turkey"; break; case 13: cLanguage="Romanian"; break; case 14: cLanguage="Suomi"; break; case 15: cLanguage="Korean"; break; case 16: cLanguage="Farsi"; break; case 17: cLanguage="Thai"; break; case 18: cLanguage="Greek"; break; case 19: cLanguage="Vietnamese"; break; case 20: cLanguage="Brazilian"; break; case 21: cLanguage="Hebrew"; break; case 22: cLanguage="Arabic"; break; case 23: cLanguage="Bulgarian"; break; case 24: cLanguage="Czech"; break; case 25: cLanguage="Azerbaycan"; break; default: cLanguage="English"; break; } if(2==ShowTipFlag) { switch(nSel) { case 0: cLanguage="English"; alert("Please set the encrypted problem!"); break; case 7: cLanguage="SimpChinese"; alert("请先设置密保问题!"); break; default: cLanguage="English"; alert("Please set the encrypted problem!"); break; } } else { location="reminder.html?cLanguage="+cLanguage; } } function uaMatch(ua) { var match = rMsie.exec(ua); if (match != null) { return { browser : "IE", version : match[2] || "0" }; } var match = rFirefox.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; }