GeneralInformation

Country	China
City	Nanjing
Organization	CHINANET jiangsu province network
ISP	CHINANET-BACKBONE
ASN	AS4134

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-3618	5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-23017	6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

OpenPorts

1723 2121 7777 8888 9000

21947334 | 2024-05-09T07:54:12.923036

1723 / tcp

PPTP:
  Firmware: 1
  Hostname: 0655_XBJjoEOh
  Vendor: MikroTik

1601583941 | 2024-05-09T20:50:58.852379

2121 / tcp

220 66 FTP server (MikroTik 6.43.8) ready
530 Login incorrect
500 'HELP': command not understood
500 'FEAT': command not understood

6855467 | 2024-05-11T01:04:06.359970

7777 / tcp

HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Digest realm="proxy", nonce="663ec406", qop="auth"
Content-Type: text/html
Cache-Control: no-cache
Content-Length: 166

1859502071 | 2024-05-01T07:14:38.831376

8888 / tcp

HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Length: 7063
Content-Type: text/html
Date: Wed, 01 May 2024 07:14:36 GMT
Expires: 0


MikroTik RouterOS:
  Version: 6.43.8

-195021849 | 2024-04-25T15:44:52.350998

9000 / tcp

HTTP/1.1 407 Proxy Authentication Required
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 25 Apr 2024 15:44:52 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Proxy-Authenticate: Basic realm="Test Authentication System"

0

49.89.86.145

Last Seen: 2024-05-11

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

21947334 | 2024-05-09T07:54:12.923036
1723 / tcp

PPTP

1601583941 | 2024-05-09T20:50:58.852379
2121 / tcp

MikroTik router ftpd6.43.8

6855467 | 2024-05-11T01:04:06.359970
7777 / tcp

1859502071 | 2024-05-01T07:14:38.831376
8888 / tcp

-195021849 | 2024-04-25T15:44:52.350998
9000 / tcp

nginx1.18.0

Products

Pricing

Contact Us

49.89.86.145

Last Seen: 2024-05-11

Tags:

GeneralInformation

Vulnerabilities

OpenPorts

21947334 | 2024-05-09T07:54:12.923036 1723 / tcp

PPTP

1601583941 | 2024-05-09T20:50:58.852379 2121 / tcp

MikroTik router ftpd6.43.8

6855467 | 2024-05-11T01:04:06.359970 7777 / tcp

1859502071 | 2024-05-01T07:14:38.831376 8888 / tcp

-195021849 | 2024-04-25T15:44:52.350998 9000 / tcp

nginx1.18.0

Products

Pricing

Contact Us

21947334 | 2024-05-09T07:54:12.923036
1723 / tcp

1601583941 | 2024-05-09T20:50:58.852379
2121 / tcp

6855467 | 2024-05-11T01:04:06.359970
7777 / tcp

1859502071 | 2024-05-01T07:14:38.831376
8888 / tcp

-195021849 | 2024-04-25T15:44:52.350998
9000 / tcp