This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
Severity: high
Fingerprint: 321975614123c6c05f83e99b26470c9312755508127555081275550812755508
Found HiSiliconDVR firmware: Hardware: General NBD7904T-PL-XPOE Vulnerable to multiple issues : LFI, possibly RCE
Open service 90.153.51.125:8089
2024-04-25 16:27
HTTP/1.1 404 Not Found Content-Length: 0