Remote Code Execution Vulnerability in Netgear Routers

A vulnerability has been identified in Netgear devices that allows code to be executed with root privileges, without authentication, through manipulations in the external network on the WAN interface side. The vulnerability has been confirmed in the R6900P, R7000P, R7960P and R8000P wireless routers, as well as in the MR60 and MS60 network devices. Netgear has already released a firmware update that fixes the vulnerability.

The vulnerability is caused by a stack overflow in the background process aws_json (/tmp/media/nand/router-analytics/aws_json) when it processes JSON data received in response to a request to an external web service (https://devicelocation.ngxcld.com/device-location/resolve) that is used to determine the location of the device. To carry out the attack, an attacker has to place a specially crafted JSON file on their own web server and force the router to load that file, for example through DNS spoofing or by redirecting the request at a transit node (the request to the host devicelocation.ngxcld.com, made when the device starts, has to be intercepted). The request is sent over HTTPS, but without checking the validity of the certificate (the download uses the curl utility with the "-k" option).
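
The missing certificate check is something a firmware reviewer can look for directly. The following is an added example, not code from the article, the researchers or Netgear: a small Python audit helper that flags curl invocations using -k or --insecure in scripts or strings pulled from an unpacked firmware image; the function names and the sample lines are assumptions constructed for illustration.

```python
import shlex

# curl short options that take a value; inside a combined group such as
# "-ok.json" everything after one of them is that value, not more flags.
SHORT_WITH_ARG = set("AbcCdDeEFHKmoPQrtTuUwxXyYz")

def curl_skips_verification(command_line):
    """True if the line runs curl with certificate checking disabled."""
    try:
        tokens = shlex.split(command_line)
    except ValueError:                      # unbalanced quotes
        tokens = command_line.split()
    names = [t.rsplit("/", 1)[-1] for t in tokens]
    if "curl" not in names:
        return False
    skip_next = False
    for arg in tokens[names.index("curl") + 1:]:
        if skip_next:                       # value of the previous option
            skip_next = False
            continue
        if arg in ("|", "||", "&&", ";", "&", "--"):
            break                           # end of this curl command
        if arg == "--insecure":
            return True
        if arg.startswith("--") or not arg.startswith("-"):
            continue
        for pos, flag in enumerate(arg[1:], start=1):
            if flag == "k":
                return True
            if flag in SHORT_WITH_ARG:
                skip_next = pos == len(arg) - 1   # value is the next token
                break
    return False

def find_insecure_curl(text):
    """Return (line_number, line) for non-comment lines that match."""
    lines = enumerate((l.strip() for l in text.splitlines()), start=1)
    return [(n, l) for n, l in lines
            if l and not l.startswith("#") and curl_skips_verification(l)]

# Constructed sample lines, not taken from any firmware image.
SAMPLE = """\
curl -s -k -o /tmp/loc.json https://devicelocation.ngxcld.com/device-location/resolve
curl -sSkL https://example.invalid/a
/usr/bin/curl --insecure https://example.invalid/b
curl -K /etc/curl.conf -o k.json https://example.invalid/c
# curl -k https://example.invalid/d
"""
```

Calling find_insecure_curl(SAMPLE) reports the first three lines; every hit is a request whose response should be treated as attacker-controlled input, so the code that consumes it deserves the same review as any other WAN-facing parser.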

In practical terms, the vulnerability can be used to compromise a device, for example by installing a backdoor for subsequent control over the internal network of an enterprise. The attack requires short-term access to the Netgear router or to the network cable or equipment on the WAN interface side (for example, the attack could be carried out by the ISP or by an attacker who has gained access to a communications cabinet). As a demonstration, the researchers prepared a prototype attack device based on a Raspberry Pi board, which gives a root shell when the WAN interface of a vulnerable router is connected to the board's Ethernet port.

Source: opennet.ru
