Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Plugged in recent xiongmaitech releases... #3

Open
pfalcon opened this issue Apr 18, 2021 · 2 comments
Open

Plugged in recent xiongmaitech releases... #3

pfalcon opened this issue Apr 18, 2021 · 2 comments

Comments

@pfalcon
Copy link

pfalcon commented Apr 18, 2021

I have an XM NVR with firmware "Build Date: 2020-09-12 15:59:39", and here's portscan:

80/tcp    open  http
554/tcp   open  rtsp
12901/tcp open  unknown
23000/tcp open  inovaport1
30100/tcp open  rwp
34567/tcp open  dhanalakshmi

Which is of course only sad, as it complicates users' access to their devices...
@someguy0110
Copy link

someguy0110 commented May 27, 2021
edited
Loading

I'm guessing 12901 will be a backdoor port.. Mine has one I found one when using Legion to scan it. Mine used a different port but 9530 or 9503 can't remember which.

https://gigazine.net/gsc_news/en/20200207-xiongmai-backdoor/

@someguy0110
Copy link

someguy0110 commented May 27, 2021
edited
Loading

Oh yup. Just managed to run the script int his article on my camera and activate the telnet backdoor then first password I tried from the article and I was able to gain telnet access into my camera.. That's dangerous, It runs a small linux distro.

https://habr.com/en/post/486856/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pfalcon @someguy0110