This report discloses serious vulnerabilities (with proof of concept (PoC)
code) in DVR/NVR devices built using the HiSilicon hi3520d and similar systems on
a chip (SoCs). Exploiting the vulnerabilities leads to unauthorized remote code
execution (RCE) using only the web interface, causing full takeover of the exploited
device. Due to the lack of upgraded firmware, using these devices is not
recommended. The vendor was contacted before Dec 2016, but there has still been no response.
A couple of years ago I bought a cheap Chinese DVR device on eBay. The boot logo of the device
says: “SECULINK – Security Monitoring”. As an IT security enthusiast, I decided to take a closer look
at the device to see how “secure” that security monitoring service is. Googling the topic, I
found some interesting materials, but I dug deeper and found much more interesting and much
more serious issues (0-days) in the device.
Let us have a look at the full hacking session from the beginning. (Both my own new findings and
the older, already known ones will be noted as such.)
Exploring the DVR
First we should get to know the official user interface, then dig deeper and maybe try to obtain the firmware.
The chances of finding vulnerabilities increase with the firmware in hand.