固件安全审计报告

📊 风险评估

风险评分：0 / 100（低风险）

📑 目录

📋 执行摘要
🔍 安全发现
🌐 外连目标
🔍 代码行为分析
⚠️ 审计结论

📋 执行摘要

本报告对固件 /tmp/panabit_pkg/PanabitOEM_TANGr7p8_20260414_Linux3 进行了安全审计。未发现严重安全问题。检测到 30 个外连域名和 138 个公网 IP。

🔍 安全发现

🌐 已知外连目标

域名	风险	分类	引用
`report.url.cn`	🔴 high	telemetry	1 个文件 `/bin/dpi.so`
`api.ngrok.cc`	🟡 medium	api	1 个文件 `/bin/dpi.so`
`api.duapp.com`	🟡 medium	api	1 个文件 `/bin/dpi.so`
`api.playstation.com`	🟡 medium	api	1 个文件 `/bin/dpi.so`
`stun.remotepc.com`	🟡 medium	network	1 个文件 `/bin/dpi.so`
`account.xyaz.cn`	🟡 medium	auth	1 个文件 `/bin/dpi.so`
`auth.natapp.cn`	🟡 medium	auth	1 个文件 `/bin/dpi.so`
`update.yjwujian.cn`	🟡 medium	update	1 个文件 `/bin/dpi.so`
`cloud.dhgs.net`	🟡 medium	cloud	1 个文件 `/bin/dpi.so`
`darwin.qianxin.com`	🟡 medium	system	1 个文件 `/app/webui/bin/redirect_qax_download`
`api.epicgames.dev`	🟡 medium	api	1 个文件 `/bin/dpi.so`
`login.microsoftonline.com`	🟡 medium	auth	1 个文件 `/bin/dpi.so`
`cloud.huawei.com`	🟡 medium	cloud	1 个文件 `/bin/dpi.so`
`stun.workslink.com`	🟡 medium	network	1 个文件 `/bin/dpi.so`
`api.onedrive.com`	🟡 medium	api	1 个文件 `/bin/dpi.so`
`api.weipan.com`	🟡 medium	api	1 个文件 `/bin/dpi.so`
`ws.126.net`	🟡 medium	cloud	1 个文件 `/bin/dpi.so`
`api.bminer.me`	🟡 medium	api	1 个文件 `/bin/dpi.so`
`login.live.com`	🟡 medium	auth	1 个文件 `/bin/dpi.so`
`update.hihonorcdn.com`	🟡 medium	update	1 个文件 `/bin/dpi.so`
`cloud.xylink.com`	🟡 medium	cloud	1 个文件 `/bin/dpi.so`
`obj.data.id`	🟢 low	unknown	56 个文件 `/admin/html/auth/dot1x_rule_list.html` `/admin/html/auth/l2bypass_svrlist.html` `/admin/html/auth/pppoesvr_list.html` `/admin/html/common/select_acct.html` `/admin/html/common/select_app.html` `/admin/html/common/select_dnsgrp.html` `/admin/html/common/select_ippool.html` `/admin/html/common/select_iptab.html` `/admin/html/common/select_proxy.html` `/admin/html/common/select_ugroup.html` `/admin/html/control/conlimit_list.html` `/admin/html/control/malc_dbtype.html` `/admin/html/control/malc_vendor.html` `/admin/html/dashboard/item_proxy_list.html` `/admin/html/flowcontrol/acl_list.html` `/admin/html/flowcontrol/flowct_list.html` `/admin/html/flowcontrol/nflowct_list.html` `/admin/html/flowcontrol/ntmso_list.html` `/admin/html/flowschedu/policy_list.html` `/admin/html/monitor/ipobj_list_tree.html` `/admin/html/monitor/ipview_mobile.html` `/admin/html/network/dhcpsvr_list.html` `/admin/html/network/dhcpsvr_v6_list.html` `/admin/html/network/iwan_server_list.html` `/admin/html/network/iwan_user_list.html` `/admin/html/network/lan_list.html` `/admin/html/network/switch_vlan_list.html` `/admin/html/network/wan_list.html` `/admin/html/network/wangroup_addwan.html` `/admin/html/network/wangroup_get.html` `/admin/html/network/wangroup_manager.html` `/admin/html/object/file_type_list.html` `/admin/html/object/glink_stat.html` `/admin/html/object/iptab_list.html` `/admin/html/object/rtptime_list.html` `/admin/html/object/urlgrp_list.html` `/admin/html/object/user_group_list.html` `/admin/html/object/usertab_list.html` `/admin/html/object/vlink_list.html` `/admin/html/protection/attackpro_list.html` `/admin/html/proto/url_cat.html` `/admin/html/route/portmap_list.html` `/admin/html/route/route6_policy_list.html` `/admin/html/route/server_group.html` `/admin/html/route/server_list.html` `/admin/html/route/static_nat_list.html` `/admin/html/route/urlmap_list.html` `/admin/html/sac/crontab_list.html` `/admin/html/sac/ssid_list.html` `/admin/html/system/sys_check_ping_add.html` `/admin/html/system/webuser_online.html` `/admin/html/warring/alert_evt_cur_list.html` `/admin/html/warring/alert_evt_end_card.html` `/admin/html/warring/alert_evt_end_list.html` `/admin/html/warring/alert_host_group.html` `/admin/html/warring/internet_api.html`
`download.panabit.com`	🟢 low	update	14 个文件 `/admin/cgi-bin/sac/ajax_sac_ap` `/admin/cgi-bin/system/ajax_app_store` `/admin/html/common/layout_head.html` `/admin/html/control/malc_history.html` `/admin/html/control/malc_log.html` `/admin/html/control/malc_vendor.html` `/admin/html/monitor/ipview_malc.html` `/admin/html/system/app_cloud.html` `/admin/html/system/sys_upgrade_auto.html` `/app/webui/bin/check_apupgrade` `/app/webui/bin/install_tool` `/app/webui/bin/pa_malc_sync` `/app/webui/bin/system_news_check` `/bin/download`
`obj.field.id`	🟢 low	unknown	7 个文件 `/admin/html/control/malc_dbedit.html` `/admin/html/object/iptab_list.html` `/admin/html/object/urlgrp_list.html` `/admin/html/object/usertab_list.html` `/admin/html/route/domain_policy_add.html` `/admin/html/route/static_nat_add.html` `/admin/html/sac/crontab_add.html`
`json.data.info`	🟢 low	unknown	5 个文件 `/admin/html/monitor/interface_set.html` `/admin/html/object/user_group_add.html` `/admin/html/proto/appview_config.html` `/admin/html/route/static_nat_add.html` `/admin/html/sac/ap_group_list.html`
`www.panabit.com`	🟢 low	frontend	5 个文件 `/admin/html/common/layout_body.html` `/admin/html/common/layout_head.html` `/admin/html/common/login.js` `/app/_app_install/motd` `/bin/ipe_msgpush`
`ti.qianxin.com`	🟢 low	unknown	4 个文件 `/admin/html/control/malc_history.html` `/admin/html/control/malc_log.html` `/admin/html/control/malc_vendor.html` `/admin/html/monitor/ipview_malc.html`
`obj.data.app`	🟢 low	unknown	4 个文件 `/admin/html/network/pxyview_topapp.html` `/admin/html/system/app_cloud.html` `/admin/html/system/app_local.html` `/admin/html/system/sys_upgrade_auto.html`
`d.data.id`	🟢 low	unknown	2 个文件 `/admin/html/flowcontrol/acl_list.html` `/admin/html/flowcontrol/nflowct_list.html`
`weixin.panabit.com`	🟢 low	unknown	2 个文件 `/admin/html/warring/internet_api.html` `/bin/ipe_msgpush`

📍 已知服务器 IP

IP 地址	说明
`183.255.234.49`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com
`183.255.234.8`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com
`183.255.234.9`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com
`61.241.63.175`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com
`139.189.127.75`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com
`183.255.124.46`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com
`183.255.234.52`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com
`119.147.89.245`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com
`183.255.124.27`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com
`183.255.234.33`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com
`183.255.234.34`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com
`183.255.234.43`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com
`183.255.124.8`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com
`183.255.124.20`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com
`183.255.234.58`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com
`183.255.234.60`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com
`183.255.234.62`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com
`183.255.234.35`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com
`183.255.234.15`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com
`183.255.124.18`	1 个文件 → vcinema.com.cn, bn.netease.com, server.crossloop.com

🔍 代码行为分析

发现 34 个网络调用

操作	类型	目标	文件	代码
connect	`netcat`	`dec.tar.gz`	`/admin/cgi-bin/flowcontrol/ajax_malc:281`	errmsg=`openssl enc -aes-256-cbc -d -salt -md sha256 -k "${channel_key}" -in "${...
POST/upload	`xhr`	`http://www.w3.org/2000/svg`	`/admin/html/assert/layui.all.js:1`	/** v2.13.0 \| MIT Licensed */;!function(d){"use strict";var e,h=d.document,v=d.l...
POST/upload	`xhr`	`https://xxxx/VPATH_test/`	`/admin/html/assert/panabit.js:1`	var cLang = { "LANG0001": {"ch": "ȷ��", "en": "OK"}, "LANG0002": {"ch": "��",...
POST/upload	`xhr`	`https://www.panabit.com`	`/admin/html/common/login.js:1`	if (window.top != window.self) parent.location.href = "../login/login.cgi?t=v"; ...
GET	`jquery`	`d.src.length`	`/admin/html/control/malc_auth.html:1`	{{# var lang003 = {"ch": "��", "en": "Any"}, lang004 = {"ch": "��־��", ...
GET	`jquery`	`https://download.panabit.com`	`/admin/html/control/malc_history.html:1`	{{# var lang003 = {"ch": "��", "en": "Any"}, lang004 = {"ch": "��־��", ...
POST/upload	`jquery`	`json.data.length`	`/admin/html/control/malc_report.html:1`	{{# var lang003 = {"ch": "��", "en": "Any"}, lang004 = {"ch": "��־��", ...
GET	`jquery`	`obj.data.ip`	`/admin/html/control/malc_user.html:1`	{{# var lang001 = {"ch": "��û�", "en": "Hit User"}, lang002 = {"ch"...
GET	`jquery`	`d.dst.length`	`/admin/html/control/malc_username.html:1`	{{# var lang003 = {"ch": "��", "en": "Any"}, lang004 = {"ch": "��־��", ...
upload	`upload`	`https://download.panabit.com`	`/admin/html/control/malc_vendor.html:1`	{{# var lang001 = {"ch": "�鱨�ſ�", "en": "Intelligence Overview"}, lan...
GET	`jquery`	`obj.data.proto`	`/admin/html/monitor/ipview_tunnel.html:1`	{{# var lang001 = {"ch": "ԴIP", "en": "Src IP"}, lang002 = {"ch": "Դ��...
GET	`jquery`	`obj.data.ip`	`/admin/html/proto/appview_flow.html:1`	{{# var lang001 = {"ch": "�û��", "en": "User Direction"}, lang002 = {"ch": "...
GET	`jquery`	`obj.data.ip`	`/admin/html/proto/appview_user.html:1`	{{# var lang001 = {"ch": "�ؼ��", "en": "Search"}, lang002 = {"ch": "��",...
upload	`upload`	`json.data.deduppkt`	`/admin/html/proto/dpi_config.html:1`	{{# var lang001 = {"ch": "��", "en": "DPI Engine Settings"}, lang002 = {"c...
upload	`upload`	`d.sortver.split`	`/admin/html/sac/ap_set_upgrade.html:1`	{{# var lang001 = {"ch": "�豸��Ϣ", "en": "Device Info"}, lang002 = {"ch": "��...
upload	`upload`	`json.data.ifadmin`	`/admin/html/system/sys_setting_web.html:1`	{{# var lang001 = {"ch": "WEB��", "en": "Web Access"}, lang002 = {"ch": "��...

⚠️ 审计结论

检测到 30 个外连域名。

建议：审查所有外连通信，更换默认凭据，升级过时的加密库。

🔬 固件安全审计报告

📊 风险评估

📑 目录

📋 执行摘要

🔍 安全发现

🌐 已知外连目标

📍 已知服务器 IP

🔍 代码行为分析

⚠️ 审计结论