Host 186.204.251.169
Brazil
Software information
Apache 2.4.52
tcp/8001
-
Vulnerable HiSilicon family DVR
This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).
Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device
First seen 2024-04-23 03:44
Last seen 2024-08-21 20:12
Open for 120 days-
Severity: high
Fingerprint: 321975614123c6c05f83e99b154a1d23b6e66ed8b6e66ed8b6e66ed8b6e66ed8Found HiSiliconDVR firmware: Hardware: Intelbras MBD6304T_NVD1208 Vulnerable to multiple issues : LFI, possibly RCE
Found on 2024-08-21 20:12
-
-
Open service 186.204.251.169:8001
2024-10-28 22:39
HTTP/1.1 400 Bad Request Date: Mon, 28 Oct 2024 22:39:16 GMT Server: Apache/2.4.52 (Ubuntu) X-Content-Type-Options: nosniff X-XSS-Protection: 0 X-Robots-Tag: none X-Frame-Options: SAMEORIGIN X-Download-Options: noopen X-Permitted-Cross-Domain-Policies: none Set-Cookie: ociksumh9t0l=c9frl2ddgnu0gd4v3rg778fv83; path=/; secure; HttpOnly; SameSite=Strict Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: oc_sessionPassphrase=3y9LzSneil70PVslgQNZCNP6tdKZ4IkqyzT%2BIVcOz6AC7WaggZVmGhbSGfauFozCKjQlg6HgelKHhKfj1eIwc8eskbvEHzG5%2BS0z1XZcNQA2NTuhBz6CxpAMfBWp2bsd; expires=Mon, 28-Oct-2024 22:59:16 GMT; Max-Age=1200; path=/; secure; HttpOnly; SameSite=Strict Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src * Status: 400 Bad Request Content-Length: 6777 Connection: close Content-Type: text/html; charset=UTF-8 Page title: ownCloud <!DOCTYPE html> <html class="ng-csp" data-placeholder-focus="false" lang="en" > <head data-requesttoken="bBUcIywUOiFrBB0KJGsnMxRPEGEXBiVDIj0pBTU6NSE=:CtzdjGrQRRyrM8Vfp6D+DiG7CHYUMjoXY0MozE81KW8="> <meta charset="utf-8"> <title> ownCloud </title> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="referrer" content="never"> <meta name="viewport" content="width=device-width, minimum-scale=1.0, maximum-scale=1.0"> <meta name="apple-itunes-app" content="app-id=1359583808"> <meta name="theme-color" content="#041e42"> <link rel="icon" href="/core/img/favicon.ico"> <link rel="apple-touch-icon-precomposed" href="/core/img/favicon-touch.png"> <link rel="mask-icon" sizes="any" href="/core/img/favicon-mask.svg" color="#041e42"> <link rel="stylesheet" href="/core/vendor/select2/select2.css?v=42bc9a437a4186d3a159aca89981aff3"> <link rel="stylesheet" href="/core/css/styles.css?v=42bc9a437a4186d3a159aca89981aff3"> <link rel="stylesheet" href="/core/css/inputs.css?v=42bc9a437a4186d3a159aca89981aff3"> <link rel="stylesheet" href="/core/css/header.css?v=42bc9a437a4186d3a159aca89981aff3"> <link rel="stylesheet" href="/core/css/icons.css?v=42bc9a437a4186d3a159aca89981aff3"> <link rel="stylesheet" href="/core/css/fonts.css?v=42bc9a437a4186d3a159aca89981aff3"> <link rel="stylesheet" href="/core/css/apps.css?v=42bc9a437a4186d3a159aca89981aff3"> <link rel="stylesheet" href="/core/css/global.css?v=42bc9a437a4186d3a159aca89981aff3"> <link rel="stylesheet" href="/core/css/fixes.css?v=42bc9a437a4186d3a159aca89981aff3"> <link rel="stylesheet" href="/core/css/multiselect.css?v=42bc9a437a4186d3a159aca89981aff3"> <link rel="stylesheet" href="/core/css/mobile.css?v=42bc9a437a4186d3a159aca89981aff3"> <link rel="stylesheet" href="/core/vendor/jquery-ui/themes/base/jquery-ui.css?v=42bc9a437a4186d3a159aca89981aff3"> <link rel="stylesheet" href="/core/css/jquery-ui-fixes.css?v=42bc9a437a4186d3a159aca89981aff3"> <link rel="stylesheet" href="/core/css/tooltip.css?v=42bc9a437a4186d3a159aca89981aff3"> <link rel="stylesheet" href="/core/css/jquery.ocdialog.css?v=42bc9a437a4186d3a159aca89981aff3"> <script src="/index.php/core/js/oc.js?v=42bc9a437a4186d3a159aca89981aff3"></script> <script src="/core/vendor/jquery/dist/jquery.min.js?v=42bc9a437a4186d3a159aca89981aff3"></script> <script src="/core/vendor/jquery-migrate/jquery-migrate.min.js?v=42bc9a437a4186d3a159aca89981aff3"></script> <script src="/core/vendor/jquery-ui/ui/jquery-ui.custom.js?v=42bc9a437a4186d3a159aca89981aff3"></script> <script src="/core/vendor/underscore/underscore.js?v=42bc9a437a4186d3a159aca89981aff3"></script> <script src="/core/vendor/moment/min/moment-with-locales.js?v=42bc9a437a4186d3a159aca89981aff3"></script> <script src="/core/vendor/handlebars/handlebars.js?v=42bc9a437a4186d3a159aca89981aff3"></script> <script src="/core/vendor/blueimp-md5/js/md5.js?v=42bc9a437a4186d3a159aca89981aff3"></script> <script src="/core/vendor/bootstrap/js/tooltip.js?v=42bc9a437a4186d3a159aca89981aff3"></script> <script src="/core/vendor/backbone/backbone.js?v=42bc9a437a4186d3a159aca89981aff3"></script> <script src="/core/vendor/es6-promise/es6-promise.auto.js?v=42bc9a437a4186d3a159aca89981aff3"></script> <script src="/core/vendor/davclient.js/lib/client.js?v=42bc9a437a4186d3a159aca89981aff3"></script> <script src="/core/vendor/clipboard/dist/clipboard.js?v=42bc9a437a4186d3a159aca89981aff3"></script> <script src="/core/vendor/bowser/src/bowser.js?v=42bc9a437a4186d3a159aca89981aff3"></script> <script src="/core/js/jquery.ocdialog.js?v=42bc9a437a4186d3a159aca89981aff3"></script> <script src="/core/js/oc-dialogs.js?v=42bc9a437a4186d3a159aca89981aff3"></script> <script src="/core/js/js.js?v=42bc9a437a4186d3a159aca89981aff3"></script> <script src="/core/js/l10n.js?v=42bc9a437a4186d3a159aca89981aff3"></script> <script src="/core/js/octemplate.js?v=42bc9a437a4186d3a159aca89981aff3"></script> <script
Found 2024-10-28 by HttpPluginCreate report
-
Open service 186.204.251.169:8003
2024-10-19 19:58
HTTP/1.1 200 OK CONNECTION: keep-alive Date: Sat, 19 Oct 2024 16:59:56 GMT Last-Modified: Fri, 21 Jun 2024 01:38:06 GMT Etag: "1718933886:c8e" CONTENT-LENGTH: 3214 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html
Found 2024-10-19 by HttpPluginCreate report
-
Open service 186.204.251.169:8003
2024-10-17 19:59
HTTP/1.1 200 OK CONNECTION: keep-alive Date: Thu, 17 Oct 2024 17:00:48 GMT Last-Modified: Fri, 21 Jun 2024 01:38:06 GMT Etag: "1718933886:c8e" CONTENT-LENGTH: 3214 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html
Found 2024-10-17 by HttpPluginCreate report
-
Open service 186.204.251.169:8003
2024-10-15 20:04
HTTP/1.1 200 OK CONNECTION: keep-alive Date: Tue, 15 Oct 2024 17:05:27 GMT Last-Modified: Fri, 21 Jun 2024 01:38:06 GMT Etag: "1718933886:c8e" CONTENT-LENGTH: 3214 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html
Found 2024-10-15 by HttpPluginCreate report
-
Open service 186.204.251.169:8003
2024-09-29 20:08
HTTP/1.1 200 OK CONNECTION: keep-alive Date: Sun, 29 Sep 2024 17:10:02 GMT Last-Modified: Fri, 21 Jun 2024 01:38:06 GMT Etag: "1718933886:c8e" CONTENT-LENGTH: 3214 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html
Found 2024-09-29 by HttpPluginCreate report
-
Open service 186.204.251.169:8003
2024-09-27 20:03
HTTP/1.1 200 OK CONNECTION: keep-alive Date: Fri, 27 Sep 2024 17:04:24 GMT Last-Modified: Fri, 21 Jun 2024 01:38:06 GMT Etag: "1718933886:c8e" CONTENT-LENGTH: 3214 P3P: CP=CAO PSA OUR X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' X-Content-Type-Options: nosniff CONTENT-TYPE: text/html
Found 2024-09-27 by HttpPluginCreate report