Txog 17 qhov tsis yooj yim thiab sab nraub qaum tau pom nyob hauv FiberHome cov khoom siv

Ntawm FiberHome routers siv los ntawm cov muab kev pabcuam los txuas cov neeg siv rau GPON kho qhov muag sib txuas lus, 17 kev ruaj ntseg muaj teeb meem, suav nrog cov nyob ze rov qab nrog cov peev txheej muaj nuj nqis uas tso cai tswj cov chaw taws teeb. Cov teeb meem tso cai rau cov chaw taws teeb nres kom nkag mus rau hauv paus nkag mus rau hauv lub cuab yeej yam tsis muaj kev txheeb xyuas qhov tseeb.

Txog tam sim no, qhov tsis txaus ntseeg tau pom zoo hauv FiberHome HG6245D thiab RP2602 cov cuab yeej, nrog rau qee yam hauv AN5506-04- * khoom, tab sis cov teeb meem yuav cuam tshuam lwm cov qauv router los ntawm lub tuam txhab no uas tsis tau sim.

Nws pom tau tias, los ntawm kev pib, IPv4 nkag rau cov thawj coj interface rau cov khoom siv kawm tiav yog tas rau sab hauv network sib txuas, tso cai nkag ntawm lub network hauv zos, tab sis tib lub sijhawm, Kev siv IPv6 tsis txwv nyob rau hauv txhua txoj kev, tso cai rau lub qhov rooj qub uas twb muaj lawm thaum nkag mus rau IPv6 los ntawm lub network sab nraud.

Ntxiv nrog rau lub vev xaib interface uas ua haujlwm dhau HTTP / HTTPS, cov khoom siv muab ib qho haujlwm rau kev ua kom nyob deb ntawm kev hais kom ua kab interface, rau cov uas nws tuaj yeem nkag mus hauv telnet.

Lub CLI raug cuam tshuam los ntawm kev xa cov lus thov tshwj xeeb dhau HTTPS nrog cov peev txheej muaj nuj nqis. Tsis tas li ntawd, qhov tsis muaj zog (pawg dhau los) tau kuaj pom hauv http server pabcuam ntawm lub vev xaib, siv los ntawm kev xa daim ntawv thov nrog qhov tshwj xeeb tau tsim cov khaub noom HTTP tus nqi.

FiberHome HG6245D routers yog GPON FTTH routers. Lawv tsuas yog siv hauv South America thiab Southeast Asia (los ntawm Shodan). Cov cuab yeej siv no los ntawm cov nqi sib tw tab sis muaj zog heev, nrog ntau lub cim xeeb thiab cia.

Qee qhov tsis yooj yim tau sim ua tiav rau lwm cov khoom siv fiberhome (AN5506-04-FA, firmware RP2631, Plaub Hlis 4, 2019). Cov khoom siv fiberhome muaj qhov zoo sib xws, yog li lwm cov khoom siv fiber ntau hauv tsev (AN5506-04-FA, AN5506-04-FAT, AN5506-04-F) yog qhov muaj kev pheej hmoo ib yam nkaus.

Nyob rau hauv tag nrho, tus kws tshawb fawb txheeb xyuas 17 teeb meem kev nyab xeeb, ntawm 7 qhov cuam tshuam rau HTTP server, 6 mus rau telnet server thiab so tau txuam nrog kev ua haujlwm thoob plaws hauv qhov ua tsis sib xws.

Cov neeg tsim khoom tau ceeb toom txog cov teeb meem tau txheeb pom xyoo dhau los, tab sis tsis tau txais cov xov xwm hais txog kev daws teeb meem.

Ntawm cov teeb meem pom tau muaj cov hauv qab no:

  • Cov ntaub ntawv tso tawm txog subnets, firmware, FTTH txuas tus ID, IP thiab MAC chaw nyob hauv theem ua ntej dhau kev lees paub.
  • Txuag cov neeg siv 'password rau hauv kev sau npe hauv cov ntawv ntshiab.
  • Lub tiaj cov ntawv sau cia ntawm cov ntawv pov thawj los txuas rau wireless network thiab passwords.
  • Tshooj txeej ntawm HTTP server.
  • Lub xub ntiag nyob rau hauv lub firmware ntawm tus yuam sij ntiag tug rau SSL daim ntawv pov, uas tuaj yeem rub tawm ntawm HTTPS ("curl https: //host/privkeySrv.pem").

Hauv kev txheeb xyuas thawj zaug, qhov chaw nres yog tsis loj:
- - tsuas yog HTTP / HTTPS tau mloog los ntawm lub neej ntawm LAN
- - Nws kuj tseem tuaj yeem ua kom muaj telnetd CLI (siv tsis tau los ntawm lub neej ntawd) ntawm chaw nres nkoj 23 / tcp los ntawm kev siv cov ntawv pov thawj nyuaj hauv lub web administration interface.

Tsis tas li, vim tsis muaj lub foob pob hluav taws rau IPv6 kev sib txuas, txhua qhov kev pabcuam sab hauv yuav nkag tau los ntawm IPv6 (los ntawm Is Taws Nem).

Hais txog qhov rov qab sab nraud tau txheeb xyuas rau kev ua kom telnet, cov kws tshawb nrhiav hais tias http server code muaj qhov tshwj xeeb thov handler "/ Telnet", ntxiv rau "/ fh" tus tuav rau kev nkag rau qhov tsim nyog.

Tsis tas li ntawd, nyuaj-coded authentication tsis thiab tus password tau pom nyob hauv cov firmware. Hauv tag nrho, 23 tus account tau txheeb xyuas hauv http server code, txuas rau cov muab kev pabcuam sib txawv. Thiab raws li rau CLI interface, hauv nws koj tuaj yeem pib sib cais telnetd cov txheej txheem nrog cov cai hauv paus ntawm lub chaw nres nkoj 26 los ntawm dhau ib tsab ntawv base64 ntxiv rau kev txhais cov lus zais dav dav "GEPON" los txuas rau telnet.

Thaum kawg, yog tias koj xav paub txog nws ntau ntxiv, koj tuaj yeem ua tau khij cov kab ntawv hauv qab no.


Cov ntsiab lus ntawm tsab xov xwm ua raws li peb cov ntsiab cai ntawm kev tswj hwm kev ncaj nceesCov. Tshaj tawm ib qho yuam kev nyem no.

Yog thawj tus tuaj tawm tswv yim

Tso koj saib

Koj email chaw nyob yuav tsis tsum luam tawm.

*

*

  1. Lub luag haujlwm rau cov ntaub ntawv: Miguel Ángel Gatón
  2. Lub hom phiaj ntawm cov ntaub ntawv: Tswj SPAM, kev tswj xyuas tawm tswv yim.
  3. Sau raws cai: Koj kev tso cai
  4. Kev sib txuas lus ntawm cov ntaub ntawv: Cov ntaub ntawv yuav tsis raug xa mus rau lwm tus neeg thib peb tsuas yog los ntawm kev txiav txim siab raug cai.
  5. Cov ntaub ntawv khaws cia: Cov Ntaub Ntawv khaws tseg los ntawm Occentus Networks (EU)
  6. Txoj Cai: Txhua lub sijhawm koj tuaj yeem txwv, rov qab thiab tshem tawm koj cov ntaub ntawv.