This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b29a4a388ea09eeadea09eeadea09eeadea09eead
Found HiSiliconDVR firmware: Hardware: General MBD6508E Vulnerable to multiple issues : LFI, possibly RCE
Open service 49.49.6.238:81
2024-06-21 00:46
HTTP/1.1 200 OK Cache-Control: max-age=31536000 Connection: close Content-Length: 2723 Content-Type: text/html Date: Fri, 21 Jun 2024 00:46:14 GMT Expires: Sat, 21 Jun 2025 00:46:14 GMT X-Frame-Options: sameorigin Page title: RouterOS <!doctype html> <html lang="en"> <meta charset="utf-8"> <link rel="icon" href="/favicon.png"> <link rel="icon" href="/favicon.svg"> <title>RouterOS</title> <style> body { font-family: Verdana, Geneva, sans-serif; font-size: 11px; } img {border: none} img:hover {opacity: 0.8;} h1 { font-size: 1.7em; display: inline; margin-bottom: 10px; } #container { width: 70%; margin: 10% auto; } #box { background: linear-gradient(#ffffff,#f3f3f3); border: 1px solid #c1c1c1; padding: 30px; } .floater {float: left; margin-right: 10px;} .floater label {display: block; text-align: center;} #login {margin: 2em 0 2em 0;} #login td {padding: 0 4px 0 0;} #login td.label {text-align: right;} #login input { margin: 2px; padding: 2px; border: 1px solid #888; box-shadow: 1px 1px 3px rgba(0,0,0,0.3); } #error { color:red; padding: 1em 0 0 0; } #login input[type=submit] { box-shadow:inset 0px 1px 0px 0px #ffffff; background-color:#ededed; border-radius:3px; border:1px solid #dcdcdc; cursor:pointer; color:#000; font-size:12px; padding:4px 24px; } #login input[type=submit]:hover { background-color:#dfdfdf; } #login input[type=submit]:active { position:relative; top:1px; } </style> <script src="script.js"></script> <div id="container"> <div id="box"> <a href="https://mikrotik.com"><img src="mikrotik_logo.png" style="float: right;" alt="Mikrotik"></a><br style="clear: both;"> <h1>RouterOS</h1> <p>You have connected to a router. Administrative access only. If this device is not in your possession, please contact your local network administrator.</p> <form id="login"> <table> <tr><td class="label"><label for="name">Login:</label> <td><input id="name" autocomplete="username" type="text" data-defaultuser="admin"> <tr><td class="label"><label for="password">Password:</label> <td><input id="password" type="password" autofocus> <td><input type="submit" value="Login"> <td> <tr><td colspan="3"> <div id="error"></div> </table> </form> <div> <div class="floater"><a href="https://mt.lv/winbox64"><img src="winbox.png" alt="Winbox"></a><br><label>Winbox</label></div> <div class="floater"><a href="/graphs"><img src="green.png" alt="Graphs"></a><br><label>Graphs</label></div> <div class="floater"><a href="/help/license.html"><img src="license.png" alt="License"></a><br><label>License</label></div> <div class="floater"><a href="https://help.mikrotik.com/docs/"><img src="help.png" alt="Help"></a><br><label>Help</label></div> </div> <br style="clear: both"> <div style="float: right">© <a href="https://mikrotik.com">mikrotik</a></div> </div> </div>