Host 118.68.0.95
Vietnam
-
Vulnerable HiSilicon family DVR
This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
First seen 2022-05-27 04:12
Last seen 2022-05-30 00:27
Open for 2 days-
Severity: high
Fingerprint: 321975614123c6c05f83e99b0bea47c0987bc785987bc785987bc785987bc785Found HiSiliconDVR firmware: Hardware: General ECT7004T-MHV2 Vulnerable to multiple issues : LFI, possibly RCE
Found on 2022-05-27 04:12
-
-
Open service 118.68.0.95:88
2023-01-16 16:04
Date: Mon, 16 Jan 2023 23:01:58 GMT Content-Type: text/html Content-Length: 114 Connection: close X-XSS-Protection: 1;mode=block X-Content-Type-Options: nosniff Location: https://118.68.0.95:443/ Page title: 302 Found <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center></body></html>
Found 2023-01-16 by HttpPluginCreate report
-
Open service 118.68.0.95:443
2023-01-24 09:51
CONNECTION: close Date: Tue, 24 Jan 2023 16:48:22 GMT Last-Modified: Fri, 17 May 2019 07:44:28 GMT Etag: "1558079068:beb" CONTENT-LENGTH: 3051 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=604800; includeSubDomains X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html Page title: WEB SERVICE <!DOCTYPE HTML> <html> <head> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta charset="UTF-8"> <title>WEB SERVICE</title> <link href="./baseProj/images/favicon.ico" type="image/x-icon" rel="shortcut icon"> <script src="ext/ext-all.js"></script> <script type="text/javascript" src="./projectPath.js"></script> <script type="text/javascript" src="/app/libs/require.js"></script> <script type="text/javascript" src="/app/jsCore/require-config.js"></script> <script type="text/javascript">Ext.onReady(function () { //启用缓存 Ext.Loader.setConfig({ "disableCaching": true, "paths":{ "basePath": BASEURL, //配置基础项目的文件路径 "projectPath": PROJECT_URL //配置定制项目的文件路径 } }); //定义项目的加载路径 var basePath = Ext.Loader.getPath('basePath'), projectPath = Ext.Loader.getPath('projectPath'); //设置类的地址路径 Ext.Loader.setPath({ "jsCore": "app/jsCore", 'component': "baseProj/js/component", 'js': 'baseProj/js', 'plugin': 'app/plugin', 'widget': 'baseProj/js/widget', 'baseCls':'app/baseCls', 'app': 'baseCls', //各个项目统一一个app 'customJs': projectPath+'js', // 非基线项目引用的js路径 'desktop':PROJ_MODULE.indexOf('desktop') != -1? projectPath+'js/desktop':basePath+'/js/desktop', //加载指定项目的Desktop.js 'data': PROJ_MODULE.indexOf('data') != -1 ? projectPath + 'data': basePath + '/data' //加载指定项目的数据文件 }); //桌面内容不可选择 Ext.getBody().unselectable(); require(['pubsub', 'core', 'extend', 'libs/qrcode', 'libs/jsonpath', 'libs/json2', 'libs/base64', 'libs/md5', 'libs/aes', 'libs/rsa', 'timeaxes/TimeAxes', 'timeaxes/TimeAxesAdaptor', 'timeaxes/TimeGridLayer', 'h5Player' ], function () { //载入必要的模块,字符串文件加载完成后,初始化和加载应用 Ext.require(['jsCore.Common'], function () { jsCore.Common.getJsonLanguage().done(function () { //自验问题修改:设备初始化界面,密码输入框输入时,报js错误,修改为先设置规则 jsCore.Common.setFieldVtype(); Ext.require(['baseCls.App']); //***密码输入框输入时,报js错误 END***// }); }); }); });</script> </head> <body></body> <script type="text/javascript" src="./pluginVersion.js"></script> <script type="text/javascript" src="./webVersion.js"></script> <script type="text/javascript" src="./cap.js"></script> </html>Found 2023-01-24 by HttpPluginCreate report
-
Open service 118.68.0.95:443
2023-01-20 16:25
CONNECTION: close Date: Fri, 20 Jan 2023 23:22:15 GMT Last-Modified: Fri, 17 May 2019 07:44:28 GMT Etag: "1558079068:beb" CONTENT-LENGTH: 3051 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN Strict-Transport-Security: max-age=604800; includeSubDomains X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html Page title: WEB SERVICE <!DOCTYPE HTML> <html> <head> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta charset="UTF-8"> <title>WEB SERVICE</title> <link href="./baseProj/images/favicon.ico" type="image/x-icon" rel="shortcut icon"> <script src="ext/ext-all.js"></script> <script type="text/javascript" src="./projectPath.js"></script> <script type="text/javascript" src="/app/libs/require.js"></script> <script type="text/javascript" src="/app/jsCore/require-config.js"></script> <script type="text/javascript">Ext.onReady(function () { //启用缓存 Ext.Loader.setConfig({ "disableCaching": true, "paths":{ "basePath": BASEURL, //配置基础项目的文件路径 "projectPath": PROJECT_URL //配置定制项目的文件路径 } }); //定义项目的加载路径 var basePath = Ext.Loader.getPath('basePath'), projectPath = Ext.Loader.getPath('projectPath'); //设置类的地址路径 Ext.Loader.setPath({ "jsCore": "app/jsCore", 'component': "baseProj/js/component", 'js': 'baseProj/js', 'plugin': 'app/plugin', 'widget': 'baseProj/js/widget', 'baseCls':'app/baseCls', 'app': 'baseCls', //各个项目统一一个app 'customJs': projectPath+'js', // 非基线项目引用的js路径 'desktop':PROJ_MODULE.indexOf('desktop') != -1? projectPath+'js/desktop':basePath+'/js/desktop', //加载指定项目的Desktop.js 'data': PROJ_MODULE.indexOf('data') != -1 ? projectPath + 'data': basePath + '/data' //加载指定项目的数据文件 }); //桌面内容不可选择 Ext.getBody().unselectable(); require(['pubsub', 'core', 'extend', 'libs/qrcode', 'libs/jsonpath', 'libs/json2', 'libs/base64', 'libs/md5', 'libs/aes', 'libs/rsa', 'timeaxes/TimeAxes', 'timeaxes/TimeAxesAdaptor', 'timeaxes/TimeGridLayer', 'h5Player' ], function () { //载入必要的模块,字符串文件加载完成后,初始化和加载应用 Ext.require(['jsCore.Common'], function () { jsCore.Common.getJsonLanguage().done(function () { //自验问题修改:设备初始化界面,密码输入框输入时,报js错误,修改为先设置规则 jsCore.Common.setFieldVtype(); Ext.require(['baseCls.App']); //***密码输入框输入时,报js错误 END***// }); }); }); });</script> </head> <body></body> <script type="text/javascript" src="./pluginVersion.js"></script> <script type="text/javascript" src="./webVersion.js"></script> <script type="text/javascript" src="./cap.js"></script> </html>Found 2023-01-20 by HttpPluginCreate report
-
Open service 118.68.0.95:80
2022-12-13 23:51
Connection: close Content-Length: 7062 Content-Type: text/html Date: Tue, 13 Dec 2022 23:51:02 GMT Expires: 0 Page title: RouterOS router configuration page
Found 2022-12-13 by HttpPluginCreate report