GeneralInformation

Hostnames	60-251-21-210.hinet-ip.hinet.net
Domains	hinet.net
Country	Taiwan
City	Taipei
Organization	Chunghwa Telecom Co.,Ltd.
ISP	Data Communication Business Group
ASN	AS3462

WebTechnologies

JavaScript libraries

UI frameworks

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

CVE-2020-11023	4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022	4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-11358	4.3jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2019-11072	7.5lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit.
CVE-2018-19052	5.0An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target filesystem path does have a trailing '/' character.
CVE-2015-9251	4.3jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

OpenPorts

22 80 443

-553772621 | 2024-05-14T17:52:01.504133

22 / tcp

SSH-2.0-OpenSSH_6.6.1_hpn13v11
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAADAQABAAABAQDbeJcdAe85KNUeIRA7dxEvCJRXnYRoIsbWFufsBl2F7xgg
S7f2G/JNIC8dZ+kW5t03QHyIcf3m1bYQotPUtXuVdaXN652+WMBMaJ/LmaPk0rYGmQ+osSZu9kfZ
KvMWE5NAU5JqcUgBkugW6FLq/ljiqlzhTUjSinBHLz/Y28FJW8JBltFSkJCwCrKns6/3emCZKi1L
u93iX20lc3uIv4i6+y0dmA5GZrHliNDdo+aWbvKAOIOh3l+FMoNhRix8KZ/vlrkuo7fLqddg9a4+
GwfHMpDJck3SJ21EOAe72YOwTCaxsDyxDbvhx8yaMg7PRxvUpdUuyUyMVxwhvemrMbfV
Fingerprint: 24:de:d7:90:ad:57:e8:70:25:b4:d8:e8:e4:45:fa:8e

Kex Algorithms:
	curve25519-sha256@libssh.org
	ecdh-sha2-nistp256
	ecdh-sha2-nistp384
	ecdh-sha2-nistp521
	diffie-hellman-group-exchange-sha256
	diffie-hellman-group-exchange-sha1
	diffie-hellman-group14-sha1
	diffie-hellman-group1-sha1

Server Host Key Algorithms:
	ssh-rsa
	ssh-dss
	ecdsa-sha2-nistp256
	ssh-ed25519

Encryption Algorithms:
	aes128-ctr
	aes192-ctr
	aes256-ctr

MAC Algorithms:
	hmac-sha1
	hmac-ripemd160

Compression Algorithms:
	none
	zlib@openssh.com
	zlib

-251218870 | 2024-06-01T23:54:19.047064

80 / tcp

HTTP/1.1 301 Moved Permanently
Location: https://60.251.21.210/
Content-Length: 0
Date: Sat, 01 Jun 2024 23:54:18 GMT
Server: lighttpd/1.4.38

-1337742904 | 2024-06-01T23:54:22.562590

443 / tcp

HTTP/1.1 200 OK
Expires: Tue, 04 Jun 2024 01:54:22 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: max-age=180000
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Last-Modified: Sat, 01 Jun 2024 23:54:22 GMT
X-Frame-Options: SAMEORIGIN
Set-Cookie: PHPSESSID=afbf2eb18ba3eddc67e64f9059d65a86; path=/; secure; HttpOnly
Pragma: no-cache
Content-type: text/html
Transfer-Encoding: chunked
Date: Sat, 01 Jun 2024 23:54:22 GMT
Server: lighttpd/1.4.38

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=State, L=Locality, O=InstantBalance webConfigurator Self-Signed Certificate/emailAddress=admin@InstantBalance.localdomain, CN=InstantBalance-5909a75b96c4e
        Validity
            Not Before: May  3 09:48:12 2017 GMT
            Not After : Oct 24 09:48:12 2022 GMT
        Subject: C=US, ST=State, L=Locality, O=InstantBalance webConfigurator Self-Signed Certificate/emailAddress=admin@InstantBalance.localdomain, CN=InstantBalance-5909a75b96c4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d3:9a:cf:81:47:49:d6:0c:2c:53:9c:1c:ad:38:
                    8e:dd:bf:67:a9:9f:b3:7f:2b:5e:bd:ad:bd:a5:62:
                    78:ba:1f:87:7b:e2:42:64:6b:ff:eb:d9:4a:08:4b:
                    26:1c:07:92:f3:2a:e2:45:4c:fc:10:68:d5:d9:ff:
                    b7:65:d1:f6:9f:45:4f:c0:c4:72:a6:42:b1:b6:c0:
                    96:c3:7c:5d:9e:20:f1:48:d0:5a:80:67:43:4d:72:
                    4d:2d:30:d6:5c:89:de:ea:8a:a3:7b:d7:77:58:b4:
                    2e:27:b1:90:ac:b8:cf:ba:3a:60:49:44:49:18:51:
                    75:42:0e:e7:e6:11:65:44:32:93:57:df:1d:b7:73:
                    3d:41:58:76:6e:42:c8:96:48:7c:f9:c3:44:9c:e6:
                    b3:d5:91:80:53:2e:6d:27:9f:bb:0d:9b:24:47:5f:
                    29:4f:43:9b:ef:ab:97:be:2a:7a:28:46:da:c0:9e:
                    02:0e:e2:5d:d3:be:6f:9e:48:d9:0b:e0:7e:f5:6b:
                    8d:91:21:10:88:51:b9:2a:8b:1b:9f:f4:d0:17:0d:
                    c2:0c:76:10:90:02:64:a2:70:6c:de:94:e5:34:77:
                    50:87:76:39:c6:31:3c:46:8e:f7:10:1b:fc:56:33:
                    ff:fa:96:28:ef:79:54:e4:46:7d:3f:97:af:2a:22:
                    7c:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            Netscape Cert Type: 
                SSL Server
            Netscape Comment: 
                OpenSSL Generated Server Certificate
            X509v3 Subject Key Identifier: 
                03:88:B3:A4:D4:BA:05:B6:53:7C:EE:F8:5E:48:B9:39:43:31:B6:A8
            X509v3 Authority Key Identifier: 
                keyid:03:88:B3:A4:D4:BA:05:B6:53:7C:EE:F8:5E:48:B9:39:43:31:B6:A8
                DirName:/C=US/ST=State/L=Locality/O=InstantBalance webConfigurator Self-Signed Certificate/emailAddress=admin@InstantBalance.localdomain/CN=InstantBalance-5909a75b96c4e
                serial:00
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, 1.3.6.1.5.5.8.2.2
            X509v3 Key Usage: 
                Digital Signature, Key Encipherment
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        63:80:2b:f1:e1:25:90:5c:7f:3a:9e:62:7c:15:b8:97:1f:2e:
        10:01:0e:59:32:7d:1d:ac:e8:24:94:18:81:e1:4d:fc:28:24:
        5f:3f:a9:76:b8:d8:50:ed:b2:98:5f:24:aa:c5:19:c9:2b:a6:
        19:83:8a:c1:b9:43:49:12:e0:0d:ed:88:ed:62:4f:74:50:18:
        8a:3b:fc:f4:56:af:2d:e5:ae:3d:ad:12:a0:b4:01:53:8e:24:
        3b:a5:11:79:b1:dc:dd:71:4a:e3:87:dd:cd:04:ec:a7:53:98:
        28:43:33:6b:34:ad:dc:0d:a1:d4:4c:8b:d2:5e:f0:16:cd:68:
        22:ae:ee:2e:1c:de:b7:80:6b:5b:63:3f:cd:9a:18:64:7b:2f:
        9c:d5:56:b8:80:62:71:07:33:a1:18:b4:cb:63:3d:8d:20:8c:
        b1:52:be:f3:2b:a5:71:3b:d3:6b:7f:f7:66:bc:8e:c5:3e:28:
        9b:95:7c:6c:e6:01:e0:a6:84:02:97:82:7f:c3:d7:ec:6a:2c:
        2e:83:16:60:fb:59:09:30:92:a5:d9:ce:64:6d:e2:12:3c:f5:
        ea:fd:57:fc:37:20:9b:54:3e:0b:cc:61:31:1a:b4:96:48:b4:
        f3:8d:7d:f2:bf:7d:49:63:c9:d1:c5:82:d6:08:6c:12:9b:b8:
        a1:e4:bc:c3

MAC Addresses

59:09:A7:5B:96:C4
    Unknown

60.251.21.210

Last Seen: 2024-06-01

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-553772621 | 2024-05-14T17:52:01.504133
22 / tcp

OpenSSH6.6.1_hpn13v11

-251218870 | 2024-06-01T23:54:19.047064
80 / tcp

lighttpd1.4.38

-1337742904 | 2024-06-01T23:54:22.562590
443 / tcp

lighttpd1.4.38

Products

Pricing

Contact Us

60.251.21.210

Last Seen: 2024-06-01

Tags:

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

-553772621 | 2024-05-14T17:52:01.504133 22 / tcp

OpenSSH6.6.1_hpn13v11

-251218870 | 2024-06-01T23:54:19.047064 80 / tcp

lighttpd1.4.38

-1337742904 | 2024-06-01T23:54:22.562590 443 / tcp

lighttpd1.4.38

Products

Pricing

Contact Us

-553772621 | 2024-05-14T17:52:01.504133
22 / tcp

-251218870 | 2024-06-01T23:54:19.047064
80 / tcp

-1337742904 | 2024-06-01T23:54:22.562590
443 / tcp