Open to phishing via location.href dom-xss vulnerability?

Besides a unpatched vulnerability for 70 CCTV DVR with a Chinese vendor.
And we also see a DOM-XSS vulnerability luring in the background. Let’s have a look here:

Look here: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2F220.128.119.155%2FWebClient.html&useragent=Fetch+useragent&accept_encoding=

Then look at the analysis here: http://www.domxssscanner.com/scan?url=http%3A%2F%2F220.128.119.155%2F
Detected: Results from scanning URL: -http://220.128.119.155/
Number of sources found: 7
Number of sinks found: 12

Read here: https://stackoverflow.com/questions/25440918/how-to-protect-location-href-from-cross-site-scripting-in-javascript
and the further explanation from Pedro Gámez, overshadow & jupenur here: https://stackoverflow.com/questions/24078332/is-it-secure-to-use-window-location-href-directly-without-validation/24089350#24089350

Info credits go to StackOverflow members mentioned here.

Looking into this address because of alerting aspecific GRE traffic, becoming an item reported here: https://isc.sans.edu/forums/diary/Increase+in+Protocol+47+denys/21865/
and also here: https://isc.sans.edu/forums/diary/More+on+Protocol+47+denys/21867/

Interesting to know what this attack if it is any could be all about?
Also consider this error

line:14: SyntaxError: missing } in XML expression:
error: line:14: document.location.href = “PcamEn.htm”;
error: line:14: …^
and we should look for testfile.htm - example: htxp://daihocdieuduong.dyndns.org/PcamEn.htm

polonus (volunteer website security analyst and website error-hunter)