GeneralInformation

Country	China
City	Hefei
Organization	CHINANET Anhui province network
ISP	CHINANET-BACKBONE
ASN	AS4134
Operating System	MikroTik RouterOS 6.44.2

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

OpenPorts

444 1723 2000 8888 9000 13579

-299985114 | 2024-04-19T20:37:48.863674

444 / tcp

HTTP/1.1 407 OK
Date: Wed, 20 Jan 2021 05:55:41 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 33
Connection: keep-alive

please add white ip 224.32.59.30

-1794529552 | 2024-05-08T06:25:45.186064

1723 / tcp

PPTP:
  Firmware: 1
  Hostname: 37
  Vendor: MikroTik

-1538260461 | 2024-04-22T13:25:25.623529

2000 / tcp

\x01\x00\x00\x00

989604627 | 2024-05-10T17:54:51.508196

8888 / tcp

HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Length: 7063
Content-Type: text/html
Date: Fri, 10 May 2024 17:54:51 GMT
Expires: 0


MikroTik RouterOS:
  Version: 6.44.2

-1944457737 | 2024-04-18T12:11:32.918654

9000 / tcp

HTTP/1.1 407 Proxy Authentication Required
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 18 Apr 2024 12:11:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Proxy-Authenticate: Basic realm="Test Authentication System"

0

-917708584 | 2024-04-17T21:38:05.380210

13579 / tcp

HTTP/1.1 407 OK
Date: Wed, 20 Jan 2021 05:55:41 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 32
Connection: keep-alive

183.166.1.86

Last Seen: 2024-05-10

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-299985114 | 2024-04-19T20:37:48.863674
444 / tcp

-1794529552 | 2024-05-08T06:25:45.186064
1723 / tcp

PPTP

-1538260461 | 2024-04-22T13:25:25.623529
2000 / tcp

MikroTik bandwidth-test server

989604627 | 2024-05-10T17:54:51.508196
8888 / tcp

-1944457737 | 2024-04-18T12:11:32.918654
9000 / tcp

nginx1.18.0

-917708584 | 2024-04-17T21:38:05.380210
13579 / tcp

Products

Pricing

Contact Us

183.166.1.86

Last Seen: 2024-05-10

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

-299985114 | 2024-04-19T20:37:48.863674 444 / tcp

-1794529552 | 2024-05-08T06:25:45.186064 1723 / tcp

PPTP

-1538260461 | 2024-04-22T13:25:25.623529 2000 / tcp

MikroTik bandwidth-test server

989604627 | 2024-05-10T17:54:51.508196 8888 / tcp

-1944457737 | 2024-04-18T12:11:32.918654 9000 / tcp

nginx1.18.0

-917708584 | 2024-04-17T21:38:05.380210 13579 / tcp

Products

Pricing

Contact Us

-299985114 | 2024-04-19T20:37:48.863674
444 / tcp

-1794529552 | 2024-05-08T06:25:45.186064
1723 / tcp

-1538260461 | 2024-04-22T13:25:25.623529
2000 / tcp

989604627 | 2024-05-10T17:54:51.508196
8888 / tcp

-1944457737 | 2024-04-18T12:11:32.918654
9000 / tcp

-917708584 | 2024-04-17T21:38:05.380210
13579 / tcp