Vatsvakurudzi vekuchengetedza kubva kuLyrebirds ruzivo nezve () mune tambo modem yakavakirwa paBroadcom chips, ichibvumira kutonga kwakazara pamusoro pechishandiso. Maererano nevatsvakurudzi, anenge mamiriyoni mazana maviri emidziyo muEurope, anoshandiswa nevashandisi vetambo vakasiyana, anokonzerwa nedambudziko. Yakagadzirirwa kutarisa modem yako , iyo inoongorora basa rebasa rinonetsa, pamwe chete nemushandi kuita kurwisa kana peji rakagadzirirwa rakavhurwa mubrowser yemushandisi.
Dambudziko rinokonzerwa nekufashukira kwebhafa musevhisi inopa mukana kune spectrum analyzer data, iyo inobvumira vashandisi kuongorora matambudziko uye kufunga nezve nhanho yekukanganisa pakubatanidza tambo. Iyo sevhisi inoitisa zvikumbiro kuburikidza nejsonrpc uye inogamuchira zvinongedzo chete pane yemukati network. Kushandiswa kwekusagadzikana mubasa kwakakwanisika nekuda kwezvinhu zviviri - sevhisi haina kudzivirirwa kubva mukushandiswa kwetekinoroji ""Nekuda kwekushandisa zvisirizvo kweWebSocket uye kazhinji inopihwa mukana unoenderana neyakafanotaurwa password password, yakajairika kune ese maturusi emuenzaniso akateedzana (iyo spectrum analyzer ibasa rakasiyana pane yayo yega network port (kazhinji 8080 kana 6080) ine yayo. engineering yekupinda password, iyo isingapindire nepassword kubva kune administrator web interface).
Iyo "DNS rebinding" nzira inobvumira, kana mushandisi avhura imwe peji mubrowser, kumisikidza kubatana kweWebSocket netiweki sevhisi panetiweki yemukati isingasvikike kuti iwane zvakananga kuburikidza neInternet. Kupfuura kuchengetedzwa kwebrowser kubva pakusiya chiyero cheiyo ikozvino domain () shanduko yezita remuenzi muDNS inoiswa - iyo vanorwisa 'DNS server inogadzirirwa kutumira maviri IP kero imwe neimwe: yekutanga chikumbiro inotumirwa kune chaiyo IP ye server ne peji, uyezve kero yemukati ye. mudziyo unodzorerwa (somuenzaniso, 192.168.10.1). Nguva yekurarama (TTL) yemhinduro yekutanga inoiswa kune yakaderera kukosha, saka kana uchivhura peji, bhurawuza inosarudza iyo chaiyo IP yeanorwisa server uye inotakura zviri mukati pejiji. Iyo peji inomhanyisa JavaScript kodhi inomirira kuti TTL ipere uye inotumira chikumbiro chechipiri, icho zvino chinozivisa mugadziri se 192.168.10.1, iyo inobvumira JavaScript kuti iwane sevhisi mukati metiweki yenzvimbo, ichipfuura kurambidzwa kwemuchinjiko.
Kana uchinge wakwanisa kutumira chikumbiro kune modem, munhu anorwisa anogona kushandisa buffer kufashukira mu spectrum analyzer handler, iyo inobvumira kodhi kuti iitwe nemidzi ropafadzo padanho re firmware. Mushure meizvi, anorwisa anowana kutonga kwakazara pamusoro pechishandiso, zvichimubvumira kuti achinje chero marongero (semuenzaniso, shandura DNS mhinduro kuburikidza neDNS redirection kune server yake), dzima firmware updates, shandura firmware, redirect traffic kana wedge mu network network (MiTM). )
Kusagadzikana kuripo mune yakajairwa Broadcom processor, iyo inoshandiswa mune firmware yetambo modem kubva kune vakasiyana vagadziri. Pakuisa zvikumbiro muJSON fomati kuburikidza neWebSocket, nekuda kwekusakodzera kusimbiswa kwedata, muswe weiyo parameter inotsanangurwa muchikumbiro inogona kunyorerwa kune imwe nzvimbo iri kunze kwebhafa yakagoverwa uye kudzima chikamu che stack, kusanganisira kero yekudzorera uye yakachengetwa marejitari.
Parizvino, kusagadzikana kwakasimbiswa mumidziyo inotevera yaivepo yekudzidza panguva yekutsvagisa:
- Sagemcom F@st 3890, 3686;
- NETGEAR CG3700EMR, C6250EMR, CM1000 ;
- Technicolor TC7230, TC4400;
- COMPAL 7284E, 7486E;
- Surfboard SB8200.
Source: opennet.ru