Vulnerability in UPnP suitable for amplifying DDoS attacks and scanning internal networks

Details of a vulnerability (CVE-2020-12695) in the UPnP protocol have been disclosed that allows traffic to be directed to an arbitrary recipient using the "SUBSCRIBE" operation provided in the standard. The vulnerability has been given the code name CallStranger. It can be used to exfiltrate data from networks protected by data loss prevention (DLP) systems, to organise port scanning of computers on the internal network, and to amplify DDoS attacks using the millions of UPnP devices connected to the global network, such as cable modems, home routers, game consoles, IP cameras, TV set-top boxes, media centres and printers.

The problem is caused by the fact that the "SUBSCRIBE" operation provided in the specification allows any external attacker to send HTTP packets with a Callback header and use the UPnP device as a proxy to send requests to other hosts. The "SUBSCRIBE" operation is defined in the UPnP specification and is used to track changes in other devices and services. Using the Callback HTTP header, an arbitrary URL can be specified to which the device will attempt to connect.

Almost all UPnP implementations based on the specification released before April 17 are affected. Among other things, the presence of the vulnerability has been confirmed in the open hostapd package, which implements a wireless access point (WPS AP). A fix is currently available as a patch. Updates have not yet been released in the distributions (Debian, OpenWRT, Ubuntu, RHEL, SUSE, Fedora, Arch). The problem also affects solutions based on the open UPnP stack, for which there is no information yet about a fix.

The UPnP protocol defines a mechanism for automatically discovering and interacting with devices on the local network. However, the protocol was designed for use in internal local networks and does not provide any authentication or verification mechanisms. Despite this, millions of devices do not disable UPnP support on external network interfaces and continue to accept requests from the global network. An attack can be carried out through any such UPnP device.
For example, Xbox One consoles can be attacked via network port 2869, because they allow changes such as the sharing of content to be tracked via the SUBSCRIBE command.

The Open Connectivity Foundation (OCF) was notified of the problem at the end of last year, but initially refused to consider it a vulnerability in the specification. After a more detailed report was resubmitted, the problem was recognised and a requirement to use UPnP only on LAN interfaces was added to the specification. Since the problem is caused by an error in the standard, it may take a long time to fix the vulnerability in individual devices, and firmware updates may never appear for older devices.

As security workarounds, it is recommended to isolate UPnP devices from external requests with a firewall, to block external HTTP "SUBSCRIBE" and "NOTIFY" requests on intrusion prevention systems, or to disable the UPnP protocol on external network interfaces. Manufacturers are advised to disable the SUBSCRIBE function in the default settings and, when it is enabled, to restrict it to accepting requests from the internal network only.
To check your devices for the vulnerability, a special toolkit written in Python and distributed under the MIT license has been published.
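The SUBSCRIBE/Callback mechanism described above, and the "block external SUBSCRIBE requests" mitigation, can be turned into a simple detection check. The following is an added example (not the published toolkit or any project code) that parses a UPnP SUBSCRIBE request and flags Callback URLs whose host lies outside the device's LAN; the LAN prefix 192.168.1.0/24 and the sample request are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample of a UPnP SUBSCRIBE request (not a real capture).
# A legitimate subscriber on the LAN registers its own address in CALLBACK;
# here the callback points at a documentation-range address outside the LAN.
SAMPLE_REQUEST = (
    "SUBSCRIBE /upnp/event/service HTTP/1.1\r\n"
    "HOST: 192.168.1.1:2869\r\n"
    "CALLBACK: <http://203.0.113.10:80/path>\r\n"
    "NT: upnp:event\r\n"
    "TIMEOUT: Second-1800\r\n\r\n"
)


def parse_callback_urls(raw):
    """Return the URLs listed in the CALLBACK header of a SUBSCRIBE request.

    The header value is a sequence of URLs in angle brackets, e.g. <url1><url2>.
    Returns [] for anything that is not a SUBSCRIBE request or lacks the header.
    """
    lines = raw.split("\r\n")
    if not lines[0].upper().startswith("SUBSCRIBE "):
        return []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().upper() == "CALLBACK":
            return re.findall(r"<([^>]+)>", value)
    return []


def is_suspicious(url, lan_net):
    """True if the callback host is not an IP address inside the LAN prefix.

    A hostname (rather than an IP) is treated as suspicious too, since the device
    would resolve it and could be made to connect anywhere.
    """
    host = urlparse(url).hostname
    if host is None:
        return True  # malformed URL
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True  # not an IP literal
    return addr not in lan_net


def check_subscribe(raw, lan_cidr="192.168.1.0/24"):
    """Return the callback URLs in a request that point outside the LAN."""
    lan_net = ipaddress.ip_network(lan_cidr)
    return [u for u in parse_callback_urls(raw) if is_suspicious(u, lan_net)]
```

A non-empty result from check_subscribe is the CallStranger indicator an IPS rule would alert on; a callback to a LAN address is normal subscriber behaviour and is not flagged.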

Source: opennet.ru