search

tothi / hs-dvr-telnet

open telnet port on modern HiSilicon devices
53 stars 24 forks source link

Plugged in recent xiongmaitech releases... #3

Open pfalcon opened 3 years ago

pfalcon commented 3 years ago

I have an XM NVR with firmware "Build Date: 2020-09-12 15:59:39", and here's portscan:

80/tcp    open  http
554/tcp   open  rtsp
12901/tcp open  unknown
23000/tcp open  inovaport1
30100/tcp open  rwp
34567/tcp open  dhanalakshmi

Which is of course only sad, as it complicates users' access to their devices...

someguy0110 commented 3 years ago

I'm guessing 12901 will be a backdoor port.. Mine has one I found one when using Legion to scan it. Mine used a different port but 9530 or 9503 can't remember which.

https://gigazine.net/gsc_news/en/20200207-xiongmai-backdoor/

someguy0110 commented 3 years ago

Oh yup. Just managed to run the script int his article on my camera and activate the telnet backdoor then first password I tried from the article and I was able to gain telnet access into my camera.. That's dangerous, It runs a small linux distro.

https://habr.com/en/post/486856/