Commands executed by a station in ChangHong enter the Enterprise Intranet (affecting the security of dozens of hosts) + multiple backdoor files are found to have been infiltrated

Commands executed by a station in ChangHong enter the Enterprise Intranet (affecting the security of dozens of hosts) + multiple backdoor files are found to have been infiltrated

Commands executed by a station in ChangHong enter the enterprise's large Intranet (affecting the security of dozens of hosts) + multiple backdoor files are found to have been infiltrated, and all the proxy files are available, intranet should have been infiltrated...

Founded in 1958, Changhong is a comprehensive multinational enterprise group integrating military industry, consumer electronics, and core device R & D and manufacturing. Its brand value is RMB 113.518 billion.

In recent years, Changhong has vigorously implemented its intelligent strategy, promoted industrial restructuring, and continuously improved its comprehensive competitiveness. With the powerful brands, technologies, industries, talents, markets, services, and other strengths, we will make every effort to promote the upgrading of the manufacturing industry, service industry transformation, and global development, and gradually build Changhong into a globally respectable enterprise.


Official Website: http://www.changhongit.com/


Vulnerability site: Changhong Jiahua mobile phone receiving system http: // 124.205.58.20/


The Struts2 S2-016 remote command execution exists
 

Intranet host
 

\\145 ZONGHECHAXUN 145 ZongHeChaXun

\ 1600ROM-C96D66C

\ 4031 BAOJIADANSH

\ 4042 SHENPIRIZHI

\ 4136 cfcara0000l

\\%7dakaapp2000

\ 4181 MUKOOL

\ 4221-MSTR2000

\\ 4233 ITYW

\ 4234-MSTR2003X3

\ 5025 YGGZZX 2k8R2muban

\ 5046-2361_att 5046-236TomcatTest

\ 5067 YQZLCX 5067

\ 5069 JAVATEST 5069

\ 90 SHENFAZHAN

\ 9600ROM-BC6B800

\ AIC73

\ AR-CHIT

\ ATTACHMENT attachment

\ AVAYAWEB

\ BIEE423 BIEE423

\ BLADE1-9 blade1-9

\ BLADE10

\ BLADE20

\ BLADE5

\ BLADE7

\ CHANGHON-1A7666

\ CHANGHONGIT ChangHongIt Auto Build

\ CHCLOUD

\ CHISA

\ CHIT-YTKMF6KV18

\ CHIT041

\ CHIT164

\ CHITDB179

\ CHITDY-A41461B2

\ CHITOA

\ COGNOS Cognos

\ COMMAPP

\ DAKA

\ DISCUZ

\ DNS3

\ DOMINOBUSHUCESH DominoKaiFa

\ DYNATRACE

\ E2FAXPOR

\ JIA Jia

\ JIACOGNOS jiacognos.changhongit.com

\ JIADB JiaDB

\ JIANSHE

\ JIAOHANG

\ MAIL01 4006mail01

\ MAIL01BAK mail01bak

\ MAIL02

\ MAIL03

\ MAIL04

\ MEDIA

\ MEETING

\ MINSHENG

\ NBUMANAGE

\ OPENWRT OpenWrt

\ OSGI1

\ OSGITEST

\ PRONGSIS

\ PROXY

\ SAMETIME

\ SBESERVER SBEserver

\ SHENFAZHAN shenfazhan

\ SHUMA-SVN

\ SM06

\ SQL

\ TEST2 DominoKaiFa

\ VCENTER

\ WCHUYUN wchuyun

\ WEBSERVER002 Webserver002

\ WEBSERVER2012 webserver2012

\ WIKI

\ WIN-00B6Q4SAEJC

\ WIN-1BJMVBIVO08

\ WIN-71M4409T19C

\ WIN-C1D8HRD139A

\ WIN-MAUAUOTO4VJ

\ WIN2003-32-219

\ WIN2003-AF6AC0F

\ WINDOWS-2481GPW WINDOWS-2481GPW

\ WINDOWS-CK67NPI

\ WJH225 wjh

\ WMS

\ ZARVA03

\ ZARVA08 zarva08


Multiple backdoor files were found on the server. The intrusion time was around July 2015.