Cable Haunt attack for taking control of cable modems

Security researchers from Lyrebirds have disclosed details of a vulnerability (CVE-2019-19494) in cable modems based on Broadcom chips that allows full control over the device. According to the researchers, about 200 million devices in Europe, used by various cable operators, are affected by the problem. A script has been prepared for checking your modem, which assesses the activity of the problematic service, along with a working exploit prototype that carries out the attack when a specially crafted page is opened in the user's browser.

The problem is caused by a buffer overflow in a service that provides access to spectrum analyzer data, which operators use to diagnose problems and gauge the level of interference on cable connections. The service handles requests via jsonrpc and accepts connections only from the internal network. Exploiting the vulnerability in the service was possible because of two factors: the service was not protected against the "DNS rebinding" technique due to incorrect use of WebSocket, and in most cases it granted access with a predefined engineering password that is common to all devices in the model range (the spectrum analyzer is a separate service on its own network port, usually 8080 or 6080, with its own engineering access password, which is unrelated to the password of the administrator web interface).

The "DNS rebinding" technique allows a page opened in the user's browser to establish a WebSocket connection to a network service on the internal network that is not directly reachable from the Internet. To bypass the browser's protection against leaving the scope of the current domain (cross-origin), the host name is changed in DNS: the attackers' DNS server is configured to hand out two IP addresses in turn. The first request is answered with the real IP of the server hosting the page, and after that the internal address of the device is returned (for example, 192.168.10.1). The time to live (TTL) of the first response is set to a minimal value, so when the page is opened the browser resolves the real IP of the attacker's server and loads the page content. The page runs JavaScript code that waits for the TTL to expire and sends a second request, for which the host now resolves to 192.168.10.1. This lets the JavaScript reach the service inside the local network, bypassing the cross-origin restriction.
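Because a rebound page still sends the attacker's host name in the `Host` and `Origin` headers, a service can refuse such handshakes before any request is parsed. The sketch below is an added example, not code from the article, from Lyrebirds or from any modem firmware; the allow-list, the name `rebind.example` and the sample requests are constructed, and 192.168.10.1 with ports 8080/6080 are the values the article mentions.

```python
from urllib.parse import urlsplit

# Assumed for this sketch: the names under which the device serves its own
# LAN-side interface (address and ports taken from the article's examples).
ALLOWED_HOSTS = {"192.168.10.1:8080", "192.168.10.1:6080"}


def parse_headers(raw_request: bytes) -> dict:
    """Return the request's headers as a dict with lower-cased names."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def handshake_allowed(raw_request: bytes, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Decide whether a WebSocket upgrade request may proceed."""
    headers = parse_headers(raw_request)
    # After rebinding, the browser still puts the foreign name in Host, so a
    # name the device does not own (or a missing Host) is rejected.
    if headers.get("host", "").lower() not in allowed_hosts:
        return False
    # Browser clients send Origin on WebSocket handshakes (RFC 6455); when it
    # is present it must point back at the device, not at a foreign page.
    origin = headers.get("origin")
    if origin is not None and urlsplit(origin).netloc.lower() not in allowed_hosts:
        return False
    return True


def _request(host: str, origin: str) -> bytes:
    """Build a constructed sample handshake for the demonstration."""
    return (f"GET / HTTP/1.1\r\nHost: {host}\r\nUpgrade: websocket\r\n"
            f"Connection: Upgrade\r\nOrigin: {origin}\r\n\r\n").encode()


# Constructed samples: a page served by the device itself, a rebound foreign
# page, and a foreign page that connects to the IP address directly.
LOCAL = _request("192.168.10.1:8080", "http://192.168.10.1:8080")
REBOUND = _request("rebind.example:8080", "http://rebind.example:8080")
CROSS_SITE = _request("192.168.10.1:8080", "http://rebind.example")

if __name__ == "__main__":
    for name, req in (("local", LOCAL), ("rebound", REBOUND), ("cross-site", CROSS_SITE)):
        print(name, handshake_allowed(req))
```

The check complements, and does not replace, per-device credentials and bounds checking in the request parser.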

Once able to send a request to the modem, an attacker can exploit the buffer overflow in the spectrum analyzer handler, which allows code to be executed with root privileges at the firmware level. After that, the attacker gains full control over the device and can change any settings (for example, alter DNS responses by redirecting DNS to their own server), disable firmware updates, replace the firmware, redirect traffic, or wedge into network connections (MiTM).

The vulnerability is present in the standard Broadcom handler, which is used in the firmware of cable modems from various manufacturers. When requests in JSON format are parsed over WebSocket, improper data validation means that the tail of the parameters specified in the request can be written outside the allocated buffer and overwrite part of the stack, including the return address and saved register values.

At present, the vulnerability has been confirmed in the following devices, which were available for study during the research:

  • Sagemcom F@st 3890, 3686;
  • NETGEAR CG3700EMR, C6250EMR, CM1000;
  • Technicolor TC7230, TC4400;
  • COMPAL 7284E, 7486E;
  • Surfboard SB8200.

Source: opennet.ru
