GeneralInformation

Country	China
City	Shijiazhuang
Organization	CHINANET hebei province network
ISP	CHINANET-BACKBONE
ASN	AS4134
Operating System	Linux

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2019-11072	7.5lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit.
CVE-2018-19052	5.0An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.
CVE-2015-3200	5.0mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.
CVE-2014-2324	5.0Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.
CVE-2014-2323	7.5SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.

OpenPorts

22 53 10000 49153

1009479592 | 2024-05-14T22:18:13.523952

22 / tcp

SSH-2.0-dropbear_0.52
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAAAgwChxVMu32cInon7gIJgC3pdqHg0PL+g4NTEQrBPVUlDOM7/
In71BL3JgJ6cQmhTGGNeQ+C5tihwYHxmjHpoTsyeJZRu/wgWhswXhM69nRfvm68nCQY3k41sTXWB
1gIlOvdLYDxp3qm0XQaZJfsBkx1aAlq0rXqkC992I16VqTSYz5ZP
Fingerprint: 44:5c:69:7d:66:90:e5:b6:9c:65:6f:27:9d:d7:01:7d

Kex Algorithms:
	diffie-hellman-group1-sha1

Server Host Key Algorithms:
	ssh-rsa
	ssh-dss

Encryption Algorithms:
	aes128-ctr
	3des-ctr
	aes256-ctr
	aes128-cbc
	3des-cbc
	aes256-cbc
	twofish256-cbc
	twofish-cbc
	twofish128-cbc
	blowfish-cbc

MAC Algorithms:
	hmac-sha1-96
	hmac-sha1
	hmac-md5

Compression Algorithms:
	none

1060246971 | 2024-05-14T12:33:58.209012

10000 / tcp

HTTP/1.1 403 Forbidden
Content-Type: text/html
Content-Length: 345
Date: Tue, 14 May 2024 12:33:52 GMT
Server: lighttpd/1.4.34

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
  <title>403 - Forbidden</title>
 </head>
 <body>
  <h1>403 - Forbidden</h1>
 </body>
</html>

1379636754 | 2024-04-24T08:38:33.301319

49153 / tcp

HTTP/1.1 404 Not Found
SERVER: Linux/3.10.39, UPnP/1.0, Portable SDK for UPnP devices/1.6.19
CONNECTION: close
CONTENT-LENGTH: 48
CONTENT-TYPE: text/html

222.222.71.101

Last Seen: 2024-05-14

GeneralInformation

Vulnerabilities

OpenPorts

1009479592 | 2024-05-14T22:18:13.523952
22 / tcp

Dropbear sshd0.52

1060246971 | 2024-05-14T12:33:58.209012
10000 / tcp

lighttpd1.4.34

1379636754 | 2024-04-24T08:38:33.301319
49153 / tcp

Products

Pricing

Contact Us

222.222.71.101

Last Seen: 2024-05-14

GeneralInformation

Vulnerabilities

OpenPorts

1009479592 | 2024-05-14T22:18:13.523952 22 / tcp

Dropbear sshd0.52

1060246971 | 2024-05-14T12:33:58.209012 10000 / tcp

lighttpd1.4.34

1379636754 | 2024-04-24T08:38:33.301319 49153 / tcp

Products

Pricing

Contact Us

1009479592 | 2024-05-14T22:18:13.523952
22 / tcp

1060246971 | 2024-05-14T12:33:58.209012
10000 / tcp

1379636754 | 2024-04-24T08:38:33.301319
49153 / tcp