DNVRS-Webs
tcp/80
This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities leads to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device.
Severity: high
Fingerprint: 321975614123c6c05f83e99b076db6a40ed134490ed134490ed134490ed13449
Found HiSiliconDVR firmware: Hardware: NOCRYPO AHD9808H_F Vulnerable to multiple issues : LFI, possibly RCE
Open service 86.142.229.100:8085
2024-09-12 03:57
HTTP/1.1 404 Not Found
Open service 86.142.229.100:80
2024-09-12 01:27
HTTP/1.1 200 OK
Date: Thu, 12 Sep 2024 02:30:55 GMT
Server: DNVRS-Webs
ETag: "0-aba-62d"
Content-Length: 1581
Content-Type: text/html
Connection: close
Last-Modified: Thu, 25 Sep 2014 11:42:40 GMT

Page title: index

<!doctype html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache, must-revalidate">
<meta http-equiv="expires" content="0">
<title>index</title>
<script>
function initIndex() {
    if (navigator.appName == 'Netscape' || navigator.appName == "Opera") {
        var sysLanguage= navigator.language.toLowerCase();
    } else {
        var sysLanguage= navigator.browserLanguage.toLowerCase();
    }
    var szLanguage = sysLanguage.substring(0,2);
    if(szLanguage == "zh") { //中文需要区分简体和繁体
        var arSysLan = sysLanguage.split("-");
        if (arSysLan.length === 2) {
            var szLanguage = arSysLan[0].toLowerCase() + "_" + arSysLan[1].toUpperCase();
            if(arSysLan[1].toLowerCase() === "cn") {
                $.cookie('language', 'zh');
            } else {
                $.cookie('language', szLanguage);
            }
        }
    } else {
        $.cookie('language', szLanguage);
    }
    self.moveTo(0,0); //使其IE窗口最大化
    self.resizeTo(screen.availWidth,screen.availHeight);
    $.cookie('updateTips', 'true');
    window.location.href = "doc/page/login.asp";
}
</script>
</head>
<body>
<script type="text/javascript" src="doc/script/LAB.min.js"></script>
<script>
$LAB
    .script("doc/script/jquery-1.7.1.min.js").wait()
    .script("doc/script/jquery.cookie.js").wait()
    .script("doc/script/global_config.js?version=" + new Date()).wait(function () {
        initIndex();
    });
</script>
</body>
</html>