LeakIX - Host 85.105.187.197

Host 85.105.187.197

Türkiye

Turk Telekom

Software information

xxxx

tcp/443

Vulnerable HiSilicon family DVR

This vulnerability (with proof of concept (PoC) code) affects DVR/NVR devices built using the HiSilicon hi3520d and similar system on a chip (SoC).

Exploiting the vulnerabilities lead to unauthorized remote code execution (RCE) using only the web interface, causing full takeover of the exploited device

IP: 85.105.187.197
Port: 80
URL: http://85.105.187.197

First seen 2022-05-14 23:28
Last seen 2023-03-16 02:44
Open for 305 days
- Severity: high
  Fingerprint: 321975614123c6c05f83e99b9ef7d2d583a0925683a0925683a0925683a09256
```
Found HiSiliconDVR firmware:
Hardware: General TVI9708H_H
Vulnerable to multiple issues : LFI, possibly RCE
```
  Found on 2022-05-14 23:28
Create report

Open service 85.105.187.197:443

2024-03-02 19:16

HTTP/1.1 200 OK
Date: Sat, 02 Mar 2024 19:12:08 GMT
Server: xxxx
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src https: data: ws: wss: blob: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; frame-ancestors 'self';
X-XSS-Protection: 1; mode=block
Content-Type: text/html;charset=utf-8
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 24690
Set-Cookie: JSESSIONID=skcnea0qhnqhcvwgkg591cbn239; Path=/userportal; Secure; HttpOnly
Connection: close

Page title: User Portal

<!DOCTYPE HTML>

<meta http-equiv="X-UA-Compatible" content="IE=edge">






















<html lang="en">
<head>

<title>User Portal</title>
<link href="/themes/lite1/css/typography.css?version=197aee944a8b954330df7f6ed8a563d3" rel="stylesheet" type="text/css" />
<link rel="stylesheet" href="/themes/lite1/css/loginstylesheet.css?ver=197aee944a8b954330df7f6ed8a563d3" type="text/css">
<LINK REL="ICON" HREF="/images/favicon.ico?ver=197aee944a8b954330df7f6ed8a563d3">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<script type="text/javascript" src="/javascript/validation/JavaConstants.js?ver=197aee944a8b954330df7f6ed8a563d3"></script>
<script type="text/javascript" src="/javascript/validation/OEM.js?ver=197aee944a8b954330df7f6ed8a563d3"></script>
</head>
<script>
var OWN_STATUS = "2";
var AUXILIARY = "1";
</script>

<script>
var isUserOAuth = false;
</script>
<body  onload="document.forms[0].username.focus(); document.forms[0].username.select();initLogin();">
<noscript>
	<div align="center">
		<h2>Your browser does not support JavaScript or it is disabled!<br>Without JavaScript support user portal will not work.</h2>
	</div>
</noscript>
<form onsubmit="return false;" method="post">
<input type="hidden" name="login_username" value="" >
<input type=hidden name=mode value="1" >
<div id="htmlData">
	<div id="wrapper">
	    <div id="header">
	    	<div class="language_select">
	        	<select name="languageid" id="languageid" onchange="loadLanguageFile(this.value)">
	            	
		              				<option value="10" >Brazilian-Portuguese</option>
		              		
		              				<option value="4" >Chinese-Simplified</option>
		              		
		              				<option value="3" >Chinese-Traditional</option>
		              		
		              				<option value="1" selected="selected">English</option>
		              		
		              				<option value="5" >French</option>
		              		
		              				<option value="7" >German</option>
		              		
		              				<option value="8" >Italian</option>
		              		
		              				<option value="6" >Japanese</option>
		              		
		              				<option value="9" >Korean</option>
		              		
		              				<option value="11" >Russian</option>
		              		
		              				<option value="12" >Spanish</option>
		              		
	            </select>
	        </div>
	    </div>
		<div id="content-area">
	    	<div id="sectionL" class="left">
	        	
	        	<div class="login_form" id="credentialdiv">
	        	
	            	<img src="/images/logo/group-small-on-dark.png?v=197aee944a8b954330df7f6ed8a563d3" alt="" style="border:0px;" />
	                <div class="login_detail" id="normalTBody" style="margin-bottom:8px">
	                	<label id="Language.Username"></label>
	                    <input name="username" type="text" id="username" size="30" maxlength="60" />
	                    
	                   <label id="Language.Password"></label>
	                   <input name="password" type="password" id="password" value="" size="30" autocomplete="off" maxlength="60" onFocus="if(this.value=='Password')this.value='';" />

						
						<style type="text/css">
							#sectionL .login_form {
								margin-top: 70px;
								margin-bottom: 0;
							}

							.captcha-container {
								float: left;
							}

							.captcha-container .img-wrapper {
								float: left;
								width: 100%;
								position: relative;
							}

							.captcha-container .img-wrapper img {
								width: 100%;
								border-radius: 3px;
								display: block;
								float: left;
								height: 60px;
							}

							.captcha-container #btnRefresh {
								display: block;
								width: 20px;
								background: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJQAAACQCAYAAADurULCAAAZ+klEQVR4Xu2de1wM3//HZ3dnuyqUcv3Qh/CRa9Y19bGRSxe3skI3UuleElLJh1Qk+dCFlNyFcimS6IaSokTJLYTS1z1R2nZn5vc4Pnx/fXzRbDs7O2XOPz0e7Zn3eZ/Xec6ZmXPe5xwGRCdaAQIVYBBoizZFKwDRQNEQEKoADRShctLGaKBoBghVgAaKUDlpYzRQNAOEKkADRa

Found 2024-03-02 by HttpPlugin

Create report

Fingerprint:

59c135b827eeb199e133c48567196773b862300177348e4402a6b727c474c728

CN:

Appliance_Certificate_l1naCJ2r1gkflqV

Key:

RSA-2048

Issuer:

GOKMEN BORAJ

Not before:

2015-08-01 00:00

Not after:

2036-12-31 23:59

Domain summary

No record

Host 85.105.187.197

Türkiye

Software information

Vulnerable HiSilicon family DVR

Create report

Domain summary