A cikin uwar garken http da aka yi amfani da shi a cikin Netgear SOHO routers, , wanda ke ba ku damar aiwatar da lambar ku ba tare da tantancewa tare da haƙƙin tushen ba kuma ku sami cikakken iko akan na'urar. Don kai hari, ya isa ya aika buƙatun zuwa tashar sadarwa ta hanyar sadarwar yanar gizon da ke gudana a kai. Matsalar tana faruwa ne sakamakon rashin bincika girman bayanan waje kafin a kwafa su zuwa madaidaicin girman. An tabbatar da raunin a cikin nau'ikan hanyoyin sadarwa na Netgear, firmware wanda ke amfani da tsarin httpd mai rauni.
Tun lokacin aiki tare da tari, firmware ba ta amfani da hanyoyin kariya, kamar shigarwa , gudanar da shirya barga aiki , wanda ke ƙaddamar da harsashi na baya tare da samun tushen tushen akan tashar jiragen ruwa 8888. An daidaita amfani da shi don kai hari 758 da aka samo hotunan Netgear firmware, amma ya zuwa yanzu an gwada shi da hannu akan na'urori 28. Musamman, an tabbatar da amfani da aiki a cikin bambance-bambancen samfura daban-daban:
- D6300
- Saukewa: DGN2200
- EX6100
- R6250
- R6400
- R7000
- R8300
- R8500
- Saukewa: WGR614
- WG624
- Saukewa: WN3000RP
- Saukewa: WNDR3300
- Saukewa: WNDR3400
- Saukewa: WNDR4000
- Saukewa: WNDR4500
- Saukewa: WNR834B
- Saukewa: WN1000
- Saukewa: WN2000
- Saukewa: WN3500
- Saukewa: WNR3500L
Sabuntawa don gyara raunin har yanzu ba a fitar da su ba (0-day), don haka ana shawarci masu amfani da su toshe hanyar shiga tashar HTTP ta na'urar don buƙatun tsarin da ba a amince da su ba. An sanar da Netgear game da raunin a ranar 8 ga Janairu, amma bai fitar da sabuntawar firmware ba don magance batun ta hanyar kwanaki 120 da aka amince da ranar ƙarshe na bayyanawa kuma ya nemi tsawaita wa'adin takunkumin. Masu binciken sun amince su matsar da wa'adin zuwa 15 ga watan Yuni, amma a karshen watan Mayu, wakilan Netgear sun sake neman a matsar da wa'adin zuwa karshen watan Yuni, wanda aka ki.
source: budenet.ru