xhmmhttpsv130-wbs20221001
tcp/8080
This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99bcb8e72f6fc184637fc184637fc184637fc184637
Found HiSiliconDVR firmware: Hardware: General MBD6016E-E Vulnerable to multiple issues : LFI, possibly RCE
Open service 60.250.201.207:8080
2024-09-27 20:03
HTTP/1.1 401 Unauthorized Server: xhmmhttpsv130-wbs20221001 Date: Sat, 28 Sep 2024 04:03:24 GMT Cache-Control: no-cache,no-store WWW-Authenticate: Basic realm="." Content-Type: text/html; charset=%s Connection: close Page title: 401 Unauthorized <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-type" content="text/html;charset=UTF-8"> <title>401 Unauthorized</title> </head> <body bgcolor="#cc9999" text="#000000" link="#2020ff" vlink="#4040cc"> <h4>401 Unauthorized</h4> Authorization required. <hr> <address><a href="http://www.acme.com/software/mini_httpd/">xhmmhttpsv130-wbs20221001</a></address> </body> </html>
Open service 60.250.201.207:8080
2024-09-25 20:11
HTTP/1.1 401 Unauthorized Server: xhmmhttpsv130-wbs20221001 Date: Thu, 26 Sep 2024 04:11:48 GMT Cache-Control: no-cache,no-store WWW-Authenticate: Basic realm="." Content-Type: text/html; charset=%s Connection: close Page title: 401 Unauthorized <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-type" content="text/html;charset=UTF-8"> <title>401 Unauthorized</title> </head> <body bgcolor="#cc9999" text="#000000" link="#2020ff" vlink="#4040cc"> <h4>401 Unauthorized</h4> Authorization required. <hr> <address><a href="http://www.acme.com/software/mini_httpd/">xhmmhttpsv130-wbs20221001</a></address> </body> </html>
Open service 60.250.201.207:8080
2024-09-23 20:20
HTTP/1.1 401 Unauthorized Server: xhmmhttpsv130-wbs20221001 Date: Tue, 24 Sep 2024 04:20:12 GMT Cache-Control: no-cache,no-store WWW-Authenticate: Basic realm="." Content-Type: text/html; charset=%s Connection: close Page title: 401 Unauthorized <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-type" content="text/html;charset=UTF-8"> <title>401 Unauthorized</title> </head> <body bgcolor="#cc9999" text="#000000" link="#2020ff" vlink="#4040cc"> <h4>401 Unauthorized</h4> Authorization required. <hr> <address><a href="http://www.acme.com/software/mini_httpd/">xhmmhttpsv130-wbs20221001</a></address> </body> </html>
Open service 60.250.201.207:8080
2024-09-15 20:21
HTTP/1.1 401 Unauthorized Server: xhmmhttpsv130-wbs20221001 Date: Mon, 16 Sep 2024 04:21:20 GMT Cache-Control: no-cache,no-store WWW-Authenticate: Basic realm="." Content-Type: text/html; charset=%s Connection: close Page title: 401 Unauthorized <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-type" content="text/html;charset=UTF-8"> <title>401 Unauthorized</title> </head> <body bgcolor="#cc9999" text="#000000" link="#2020ff" vlink="#4040cc"> <h4>401 Unauthorized</h4> Authorization required. <hr> <address><a href="http://www.acme.com/software/mini_httpd/">xhmmhttpsv130-wbs20221001</a></address> </body> </html>
Open service 60.250.201.207:8080
2024-09-13 20:16
HTTP/1.1 401 Unauthorized Server: xhmmhttpsv130-wbs20221001 Date: Sat, 14 Sep 2024 04:16:13 GMT Cache-Control: no-cache,no-store WWW-Authenticate: Basic realm="." Content-Type: text/html; charset=%s Connection: close Page title: 401 Unauthorized <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-type" content="text/html;charset=UTF-8"> <title>401 Unauthorized</title> </head> <body bgcolor="#cc9999" text="#000000" link="#2020ff" vlink="#4040cc"> <h4>401 Unauthorized</h4> Authorization required. <hr> <address><a href="http://www.acme.com/software/mini_httpd/">xhmmhttpsv130-wbs20221001</a></address> </body> </html>
Open service 60.250.201.207:8080
2024-09-11 21:40
HTTP/1.1 401 Unauthorized Server: xhmmhttpsv130-wbs20221001 Date: Thu, 12 Sep 2024 05:40:53 GMT Cache-Control: no-cache,no-store WWW-Authenticate: Basic realm="." Content-Type: text/html; charset=%s Connection: close Page title: 401 Unauthorized <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-type" content="text/html;charset=UTF-8"> <title>401 Unauthorized</title> </head> <body bgcolor="#cc9999" text="#000000" link="#2020ff" vlink="#4040cc"> <h4>401 Unauthorized</h4> Authorization required. <hr> <address><a href="http://www.acme.com/software/mini_httpd/">xhmmhttpsv130-wbs20221001</a></address> </body> </html>
Open service 60.250.201.207:8080
2024-09-10 18:45
HTTP/1.1 401 Unauthorized Server: xhmmhttpsv130-wbs20221001 Date: Wed, 11 Sep 2024 02:46:02 GMT Cache-Control: no-cache,no-store WWW-Authenticate: Basic realm="." Content-Type: text/html; charset=%s Connection: close Page title: 401 Unauthorized <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-type" content="text/html;charset=UTF-8"> <title>401 Unauthorized</title> </head> <body bgcolor="#cc9999" text="#000000" link="#2020ff" vlink="#4040cc"> <h4>401 Unauthorized</h4> Authorization required. <hr> <address><a href="http://www.acme.com/software/mini_httpd/">xhmmhttpsv130-wbs20221001</a></address> </body> </html>
Open service 60.250.201.207:8080
2024-09-09 20:52
HTTP/1.1 401 Unauthorized Server: xhmmhttpsv130-wbs20221001 Date: Tue, 10 Sep 2024 04:52:20 GMT Cache-Control: no-cache,no-store WWW-Authenticate: Basic realm="." Content-Type: text/html; charset=%s Connection: close Page title: 401 Unauthorized <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-type" content="text/html;charset=UTF-8"> <title>401 Unauthorized</title> </head> <body bgcolor="#cc9999" text="#000000" link="#2020ff" vlink="#4040cc"> <h4>401 Unauthorized</h4> Authorization required. <hr> <address><a href="http://www.acme.com/software/mini_httpd/">xhmmhttpsv130-wbs20221001</a></address> </body> </html>
Open service 60.250.201.207:8080
2024-09-07 21:01
HTTP/1.1 401 Unauthorized Server: xhmmhttpsv130-wbs20221001 Date: Sun, 08 Sep 2024 05:01:09 GMT Cache-Control: no-cache,no-store WWW-Authenticate: Basic realm="." Content-Type: text/html; charset=%s Connection: close Page title: 401 Unauthorized <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-type" content="text/html;charset=UTF-8"> <title>401 Unauthorized</title> </head> <body bgcolor="#cc9999" text="#000000" link="#2020ff" vlink="#4040cc"> <h4>401 Unauthorized</h4> Authorization required. <hr> <address><a href="http://www.acme.com/software/mini_httpd/">xhmmhttpsv130-wbs20221001</a></address> </body> </html>
Open service 60.250.201.207:8080
2024-08-17 23:00
HTTP/1.0 200 OK Content-type: text/html Server: uc-httpd 1.0.0 Expires: 0 Page title: NETSurveillance WEB <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" type="text/css" media="screen" href="m.css" /> <title>NETSurveillance WEB</title> <!-- m.js --> <script type="text/javascript" language="JavaScript"> var ShowTipFlag=2; if(navigator.userAgent.indexOf('IE') < 0) { var userAgent = navigator.userAgent, rMsie = /(msie\s|trident.*rv:)([\w.]+)/, rFirefox = /(firefox)\/([\w.]+)/, rOpera = /(opera).+version\/([\w.]+)/, rChrome = /(chrome)\/([\w.]+)/, rSafari = /version\/([\w.]+).*(safari)/; var browserMatch = uaMatch(userAgent.toLowerCase()); if(browserMatch.browser!="IE") { location="Login.htm"; } } function reminder() { var nSel=$('langlist').selectedIndex; var cLanguage; switch(nSel) { case 0: cLanguage="English"; break; case 1: cLanguage="French"; break; case 2: cLanguage="Hungarian"; break; case 3: cLanguage="Italian"; break; case 4: cLanguage="Japanese"; break; case 5: cLanguage="Portugal"; break; case 6: cLanguage="Russian"; break; case 7: cLanguage="SimpChinese"; break; case 8: cLanguage="Spanish"; break; case 9: cLanguage="TradChinese"; break; case 10: cLanguage="German"; break; case 11: cLanguage="Poland"; break; case 12: cLanguage="Turkey"; break; case 13: cLanguage="Romanian"; break; case 14: cLanguage="Suomi"; break; case 15: cLanguage="Korean"; break; case 16: cLanguage="Farsi"; break; case 17: cLanguage="Thai"; break; case 18: cLanguage="Greek"; break; case 19: cLanguage="Vietnamese"; break; case 20: cLanguage="Brazilian"; break; case 21: cLanguage="Hebrew"; break; case 22: cLanguage="Arabic"; break; case 23: cLanguage="Bulgarian"; break; case 24: cLanguage="Czech"; break; default: cLanguage="English"; break; } if(2==ShowTipFlag) { switch(nSel) { case 0: cLanguage="English"; alert("Please set the encrypted problem!"); break; case 7: cLanguage="SimpChinese"; alert("请先设置密保问题!"); break; default: cLanguage="English"; alert("Please set the encrypted problem!"); break; } } else { location="reminder.html?cLanguage="+cLanguage; } } function uaMatch(ua) { var match = rMsie.exec(ua); if (match != null) { return { browser : "IE", version : match[2] || "0" }; } var match = rFirefox.exec(ua); if (match != null) { return { browser : match[1] || "", version : match[2] || "0" }; } var match = rOpera.exec(ua); if (match != null) {