Some 17 vulnerabilities and backdoors discovered in FiberHome devices

In FiberHome routers used by providers to connect subscribers to GPON lines, 17 security issues have been identified, including backdoors with hard-coded credentials that allow remote control of the equipment. The issues allow a remote attacker to gain root access to the device without authentication.

So far, the vulnerabilities have been confirmed in FiberHome HG6245D devices (firmware RP2602) and partially in AN5506-04-* devices, but the issues may affect other router models from this manufacturer that have not been tested.

It is noted that, by default, IPv4 access to the administration interface on the tested devices is restricted to the internal network interface, so it is reachable only from the local network. IPv6 access, however, is not restricted in any way, which allows the backdoors described here to be used over IPv6 from an external network.

In addition to the web interface, which runs over HTTP/HTTPS, the devices offer a function for remotely enabling a command-line interface (CLI) that is reachable via telnet.

The CLI is enabled by sending a special request over HTTPS with hard-coded credentials. In addition, a vulnerability (stack overflow) was found in the http server that serves the web interface; it is triggered by sending a request with a specially crafted HTTP cookie value.

FiberHome HG6245D routers are GPON FTTH routers. They are used mainly in South America and Southeast Asia (according to Shodan). These devices come at competitive prices but are quite powerful, with plenty of memory and storage.

Some of the vulnerabilities were also successfully tested on other FiberHome devices (AN5506-04-FA, firmware RP2631, April 4, 2019). FiberHome devices share a very similar code base, so other FiberHome devices (AN5506-04-FA, AN5506-04-FAT, AN5506-04-F) are likely vulnerable as well.

In total, the researcher identified 17 security issues, of which 7 affect the HTTP server, 6 affect the telnet server, and the rest relate to system-wide weaknesses.

The manufacturer was notified of the identified problems a year ago, but no information about a fix has been received.

Among the problems identified are the following:

  • Leakage of information about subnets, firmware, the FTTH connection ID, and IP and MAC addresses before authentication is passed.
  • Storage of user passwords in the registry in clear text.
  • Clear-text storage of credentials and passwords for connecting to wireless networks.
  • Stack overflow in the HTTP server.
  • Presence in the firmware of the private key for the SSL certificates, which can be downloaded over HTTPS ("curl https://host/privkeySrv.pem").

On a first analysis, the attack surface does not look large:
- only HTTP/HTTPS listens by default, and only on the LAN
- a telnetd CLI (not reachable by default) can also be enabled on port 23/tcp by using credentials hard-coded in the web administration interface

However, because there is no firewall for IPv6 connections, all internal services are reachable over IPv6 (from the Internet).

Regarding the backdoor found for enabling telnet, the researcher notes that the http server code contains a special request handler, "/telnet", as well as a "/fh" handler for privileged access.

In addition, hard-coded authentication parameters and passwords were found in the firmware. In total, 23 accounts, associated with different service providers, were identified in the http server code. As for the CLI, it allows a separate telnetd process with root privileges to be started on network port 26 by passing a base64-encoded script, and it also defines a common password, "GEPON", for connecting to telnet.
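The two points a network operator would most want to verify on a deployed unit are the IPv6 gap described above (management services filtered on IPv4 but reachable from the Internet over IPv6) and the private-key disclosure at "/privkeySrv.pem" from the list of findings. The following script is an added example, not code from the original article or from the researcher: it probes the management ports named on this page (80/443 for the web interface, 23 for the telnet CLI, 26 for the root telnetd) over a device's IPv4 and IPv6 addresses, reports ports that answer only over IPv6, and checks whether the HTTPS server hands out a PEM private key at that path. The 203.0.113.0/24 and 2001:db8:: addresses, the `simulated_scan()` responder and the embedded PEM are constructed for the offline demonstration and are not real data.

```python
"""Exposure check for a FiberHome-style ONT/router.

Added example (not from the advisory or the vendor). Network access is
injected through two callables so the logic can be exercised offline
against a constructed responder; the real probes use only the stdlib.
"""
import socket
import ssl
import sys
import urllib.request
from dataclasses import dataclass, field
from typing import Callable, List, Optional

# Path named in the advisory: "curl https://host/privkeySrv.pem"
PRIVKEY_PATH = "/privkeySrv.pem"
# Web UI (80/443), telnet CLI (23) and the root telnetd on port 26.
MGMT_PORTS = (80, 443, 23, 26)


@dataclass
class Finding:
    address: str
    family: str
    open_ports: List[int] = field(default_factory=list)
    private_key_exposed: bool = False


def is_pem_private_key(body: bytes) -> bool:
    """True if the response body looks like a PEM-encoded private key."""
    text = body.decode("ascii", errors="replace")
    return "-----BEGIN" in text and "PRIVATE KEY-----" in text


def tcp_open(address: str, port: int, family: int, timeout: float = 2.0) -> bool:
    """Real probe: does a TCP connect to address:port succeed?"""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect((address, port))
        return True
    except OSError:
        return False


def fetch_https(address: str, path: str, timeout: float = 4.0) -> Optional[bytes]:
    """Real fetch: GET https://address/path. Certificate verification is
    disabled on purpose: the device serves a self-signed certificate and we
    are testing for disclosure, not for trust."""
    host = f"[{address}]" if ":" in address else address
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with urllib.request.urlopen(f"https://{host}{path}", context=ctx, timeout=timeout) as resp:
            return resp.read() if resp.status == 200 else None
    except (OSError, ValueError):
        return None


def assess(address: str,
           port_probe: Callable[[str, int, int], bool] = tcp_open,
           fetch: Callable[[str, str], Optional[bytes]] = fetch_https) -> Finding:
    """Probe the management ports on one address and, if HTTPS answers,
    try to download the TLS private key."""
    family = socket.AF_INET6 if ":" in address else socket.AF_INET
    finding = Finding(address=address, family="IPv6" if family == socket.AF_INET6 else "IPv4")
    finding.open_ports = [p for p in MGMT_PORTS if port_probe(address, p, family)]
    if 443 in finding.open_ports:
        body = fetch(address, PRIVKEY_PATH)
        finding.private_key_exposed = body is not None and is_pem_private_key(body)
    return finding


def ipv6_only_exposure(v4: Finding, v6: Finding) -> List[int]:
    """Ports reachable over the global IPv6 address but filtered on IPv4:
    exactly the gap the advisory describes."""
    return sorted(set(v6.open_ports) - set(v4.open_ports))


# Constructed responder for the offline demo: nothing answers on the WAN IPv4
# address, the web UI answers over IPv6, and the key path returns a fake PEM.
SAMPLE_LEAKED_PEM = (b"-----BEGIN RSA PRIVATE KEY-----\n"
                     b"MIIBOgIBAAJBAKconstructedNotARealKey0123456789abcdef=\n"
                     b"-----END RSA PRIVATE KEY-----\n")


def simulated_scan():
    def fake_probe(address: str, port: int, family: int) -> bool:
        return ":" in address and port in (80, 443)

    def fake_fetch(address: str, path: str) -> Optional[bytes]:
        return SAMPLE_LEAKED_PEM if path == PRIVKEY_PATH else None

    v4 = assess("203.0.113.10", port_probe=fake_probe, fetch=fake_fetch)
    v6 = assess("2001:db8::10", port_probe=fake_probe, fetch=fake_fetch)
    return v4, v6


if __name__ == "__main__":
    if len(sys.argv) == 3:           # real scan: script.py <wan-ipv4> <global-ipv6>
        v4, v6 = assess(sys.argv[1]), assess(sys.argv[2])
    else:                            # offline demo with the constructed responder
        v4, v6 = simulated_scan()
    for f in (v4, v6):
        print(f"{f.family} {f.address}: open {f.open_ports}, private key exposed: {f.private_key_exposed}")
    print("reachable over IPv6 only:", ipv6_only_exposure(v4, v6))
```

Run it against a real unit from outside the customer LAN with the device's WAN IPv4 and global IPv6 addresses; any port listed under "reachable over IPv6 only", or a `True` for the private key, confirms the two problems on that unit.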

Finally, if you are interested in learning more about this, you can consult the following link.

