ProHoster > Π‘Π»ΠΎΠ³ > xov xwm hauv internet > Vulnerabilities hauv NETGEAR cov khoom siv uas tso cai rau kev nkag mus tsis tau lees paub

Vulnerabilities hauv NETGEAR cov khoom siv uas tso cai rau kev nkag mus tsis tau lees paub

Peb qhov tsis zoo tau raug txheeb xyuas nyob rau hauv lub firmware rau NETGEAR DGN-2200v1 series cov khoom siv, uas muab cov haujlwm ntawm ADSL modem, router thiab wireless nkag point, tso cai rau koj ua txhua yam haujlwm hauv web interface yam tsis muaj kev lees paub.

Thawj qhov tsis zoo yog tshwm sim los ntawm qhov tseeb tias HTTP neeg rau zaub mov code muaj qhov nyuaj-wired muaj peev xwm nkag mus ncaj qha rau cov duab, CSS thiab lwm cov ntaub ntawv pabcuam, uas tsis tas yuav muaj kev lees paub. Cov cai muaj ib daim tshev ntawm qhov kev thov siv lub qhov ncauj qhov ntswg ntawm cov npe ntawm cov ntaub ntawv raug thiab txuas ntxiv, siv los ntawm kev tshawb nrhiav ib qho substring hauv tag nrho URL, suav nrog hauv cov ntawv thov tsis. Yog tias muaj ib qho substring, nplooj ntawv tau txais kev pabcuam yam tsis tau kuaj xyuas tus ID nkag mus rau lub vev xaib interface. Kev tawm tsam ntawm cov khoom siv nqis los ntxiv rau lub npe tam sim no hauv daim ntawv thov; piv txwv li, txhawm rau nkag mus rau WAN interface teeb tsa, koj tuaj yeem xa daim ntawv thov "https://10.0.0.1/WAN_wan.htm?pic.gif" .

Vulnerabilities hauv NETGEAR cov khoom siv uas tso cai rau kev nkag mus tsis tau lees paub

Qhov thib ob qhov tsis zoo yog tshwm sim los ntawm kev siv strcmp muaj nuj nqi thaum sib piv username thiab password. Hauv strcmp, kev sib piv yog ua los ntawm tus cwj pwm los ntawm tus cwj pwm kom txog thaum muaj qhov sib txawv lossis tus cwj pwm nrog tus lej xoom, txheeb xyuas qhov kawg ntawm kab. Tus neeg tawm tsam tuaj yeem sim twv tus password los ntawm kev sim tawm cov cim ib kauj ruam thiab txheeb xyuas lub sijhawm kom txog thaum muaj kev lees paub qhov yuam kev tshwm sim - yog tias tus nqi tau nce, ces tus cwj pwm raug raug xaiv thiab koj tuaj yeem txav mus rau twv tus cim tom ntej. hauv txoj hlua.

Qhov thib peb qhov tsis zoo tso cai rau koj rho tawm tus password los ntawm qhov chaw khaws tseg, uas tuaj yeem tau txais los ntawm kev ua kom zoo dua ntawm thawj qhov tsis zoo (piv txwv li, xa daim ntawv thov β€œhttp://10.0.0.1:8080/NETGEAR_DGN2200.cfg?pic .gif)". Tus password tam sim no nyob rau hauv cov pov tseg hauv daim ntawv encrypted, tab sis tus encryption siv DES algorithm thiab tus yuam sij ruaj khov "NtgrBak", uas tuaj yeem muab rho tawm los ntawm firmware.

Vulnerabilities hauv NETGEAR cov khoom siv uas tso cai rau kev nkag mus tsis tau lees paub

Txhawm rau siv qhov tsis zoo, nws yuav tsum muaj peev xwm xa daim ntawv thov mus rau lub network chaw nres nkoj uas lub vev xaib cuam tshuam tau ua haujlwm (los ntawm lwm lub network, kev tawm tsam tuaj yeem ua, piv txwv li, siv cov txheej txheem "DNS rebinding"). Cov teeb meem twb tau kho nyob rau hauv firmware hloov tshiab 1.0.0.60.

Tau qhov twg los: opennet.ru

Ntxiv ib saib