Description
Related to https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-009.md / CVE-2020-27403
Tested on TCL U43P6064 with Android 8.0 (version 501 or something like that, cannot find the exact version on the TV anymore). Installed F-Droid on the TV and NetworkMapper (nmap) and scanned all ports on localhost (127.0.0.1). Several open ports, and port 7983 contained the same HTTP server with the entire fs available for free. Any app could access anything this way, bypassing all security.
Not bound to the Wi-Fi IP address, however, perhaps already fixed remotely by TCL. Localhost binding still present and several other services available via localhost as well: particularly nmap found these open ports bound to 127.0.0.1 with 7983/tcp (http) containing the webserver with the filesystem.
Open TCP ports found via nmap:
- 6553
- 53130
- 10101
- 12854
- 8009
- 8008
- 8443
- 6466
- 6467
- 9080
- 7983 - http, entire filesystem freely accessible
- 6557
- 9000
- 6550
- 8012
- 6559
- 4332
Some data returned but fingerprint not detected by nmap:
- 6550 (TLSSessionReq...)
- 6559 (tv_start=>390=>-3=>tv_end)
- 8009 (received some self-signed RSA-2048 cert)
- 9080 (http, Server: NRDP/2020.1.3.1)
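
The report distinguishes a service bound to the Wi-Fi address from one bound only to 127.0.0.1, which every app on the device can still reach. As an added example (not part of the original report and not TCL's code), this Python script parses `/proc/net/tcp` output and classifies each listening socket by bind scope and owning UID. The sample input is constructed; only port 7983 on loopback comes from the report, and the other rows are hypothetical.

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real TV).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F2F 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 11111 1
   1: 00000000:15B3 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 3201A8C0:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10057        0 33333 1
   3: 0100007F:1F2F 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 44444 1
"""

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp


def decode_addr(field):
    """Decode 'HEXIP:HEXPORT'. The IPv4 word is printed in host byte
    order, which is little-endian on ARM and x86 devices (assumed here)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def scope(ip):
    """Say who can reach a listener bound to this address."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"          # reachable by every local app
    if addr.is_unspecified:
        return "all-interfaces"    # reachable locally and from the network
    return "single-interface"      # reachable via that one interface


def listeners(proc_net_tcp):
    """Return listening IPv4 sockets sorted by port; skip other states."""
    rows = []
    for line in proc_net_tcp.splitlines()[1:]:
        f = line.split()
        if len(f) < 8 or f[3] != TCP_LISTEN:
            continue
        ip, port = decode_addr(f[1])
        rows.append({"ip": ip, "port": port, "uid": int(f[7]), "scope": scope(ip)})
    return sorted(rows, key=lambda r: r["port"])


if __name__ == "__main__":
    for r in listeners(SAMPLE):
        print(f'{r["port"]:>5}/tcp  {r["ip"]:<15} {r["scope"]:<16} uid={r["uid"]}')
```

On a real device the input would come from reading `/proc/net/tcp` in a shell on that device. The UID column identifies which app or system user owns each listener.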