Vulnerability in Netgear Routers Leading to Remote Code Execution

A vulnerability has been identified in Netgear devices that allows code to be executed with root privileges, without authentication, through manipulation of the external network on the WAN interface side. The vulnerability has been confirmed in the R6900P, R7000P, R7960P and R8000P wireless routers, as well as in the MR60 and MS60 mesh network devices. Netgear has already released a firmware update that fixes the vulnerability.

The vulnerability is caused by a stack overflow in the background process aws_json (/tmp/media/nand/router-analytics/aws_json) when it parses JSON data received in response to a request to an external web service (https://devicelocation.ngxcld.com/device-location/resolve) that is used to determine the location of the device. To carry out the attack, a specially crafted JSON file has to be placed on a web server and the router forced to load it, for example through DNS spoofing or by redirecting the request to a transit node (the request to the host devicelocation.ngxcld.com, made when the device starts up, has to be intercepted). The request is sent over HTTPS, but the validity of the certificate is not checked (the download is performed with the curl utility using the "-k" option).
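The bug class described above, shown from the fixing side as an added example (not Netgear's code and not part of the original article): a minimal extractor that copies one string field from an untrusted JSON response into a fixed-size buffer and rejects oversized values. The function name, return codes, field name "city" and sample response are all hypothetical.

```c
#include <stdio.h>
#include <string.h>

enum { JS_OK = 0, JS_MISSING = -1, JS_TOO_LONG = -2 };

static const char *skip_ws(const char *p)
{
    while (*p == ' ' || *p == '\t' || *p == '\n' || *p == '\r') p++;
    return p;
}

/* Copy the string value of `key` from `json` into out[out_len].
 * Minimal scanner, not a full JSON parser. Every write is bounds-checked,
 * so an oversized value from an untrusted server is rejected instead of
 * being written past the end of the caller's fixed-size buffer. */
int json_get_string(const char *json, const char *key, char *out, size_t out_len)
{
    char pattern[64];
    int n = snprintf(pattern, sizeof pattern, "\"%s\"", key);
    if (out_len == 0 || n < 0 || (size_t)n >= sizeof pattern) return JS_MISSING;
    out[0] = '\0';

    const char *p = strstr(json, pattern);
    if (!p) return JS_MISSING;
    p = skip_ws(p + n);
    if (*p != ':') return JS_MISSING;
    p = skip_ws(p + 1);
    if (*p != '"') return JS_MISSING;
    p++;

    size_t i = 0;
    for (; *p && *p != '"'; p++) {
        if (*p == '\\' && p[1] != '\0') p++;      /* keep escaped char as-is */
        if (i + 1 >= out_len) { out[0] = '\0'; return JS_TOO_LONG; }
        out[i++] = *p;
    }
    if (*p != '"') { out[0] = '\0'; return JS_MISSING; }  /* unterminated */
    out[i] = '\0';
    return JS_OK;
}

int main(void)
{
    /* Constructed response; the field name "city" is hypothetical. */
    const char *resp = "{\"city\": \"Springfield\", \"zip\": \"00000\"}";
    char city[8];   /* deliberately too small for the value */
    int rc = json_get_string(resp, "city", city, sizeof city);
    printf("rc=%d city=\"%s\"\n", rc, city);
    return 0;
}
```

Length checking only contains the parsing bug; the response still comes from an unverified peer unless the download is made with certificate validation enabled, that is, without curl's "-k" option.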

In practice, the vulnerability can be used to compromise a device, for example by installing a backdoor for subsequent control inside an enterprise's internal network. The attack requires short-term access to the Netgear router, or to the network cable or equipment on the WAN interface side (for example, the attack can be carried out by the ISP or by an attacker who has gained access to the communications panel). As a demonstration, the researchers prepared a prototype attack device based on a Raspberry Pi board, which yields a root shell when the WAN interface of the vulnerable router is connected to the board's Ethernet port.

Source: opennet.ru
