About 17 vulnerabilities and backdoors identified in FiberHome devices

In FiberHome routers used by providers to connect subscribers to GPON optical communication lines, 17 security issues were identified, including backdoors with predefined credentials that allow remote control of the equipment. The issues allow a remote attacker to gain root access to the device without passing authentication.

So far, the vulnerabilities have been confirmed in FiberHome HG6245D and RP2602 devices, and partially in AN5506-04-* devices, but the issues may also affect other router models from this company that have not been tested.

By default, IPv4 access to the administrator interface on the devices studied is limited to the internal network interface, which allows access only from the local network. At the same time, IPv6 access is not restricted in any way, so the existing backdoors can be used when the device is reached over IPv6 from the external network.

In addition to the web interface, which works over HTTP/HTTPS, the devices provide a function for remotely activating the command-line interface, which can then be accessed via telnet.

The CLI is activated by sending a special request over HTTPS with predefined credentials. In addition, a vulnerability (a stack overflow) was found in the http server that serves the web interface; it is exploited by sending a request with a specially crafted HTTP cookie value.

FiberHome HG6245D routers are GPON FTTH routers. They are mainly used in South America and Southeast Asia (according to Shodan). These devices come at competitive prices but are very powerful, with plenty of memory and storage.

Some of the vulnerabilities have been successfully tested against other FiberHome devices (AN5506-04-FA, firmware RP2631, April 4, 2019). FiberHome devices share a quite similar code base, so other FiberHome devices (AN5506-04-FA, AN5506-04-FAT, AN5506-04-F) are probably vulnerable as well.

In total, the researcher identified 17 security problems, of which seven affect the HTTP server, 6 affect the telnet server, and the rest are associated with system-wide failures.

The manufacturer was notified of the identified problems a year ago, but no information about a fix has been received.

Among the problems identified are the following:

  • Leaked information about subnets, firmware, the FTTH connection ID, and IP and MAC addresses at the stage before authentication is passed.
  • Users' passwords are saved in the registry in clear text.
  • Plain-text storage of the credentials for connecting to wireless networks and of passwords.
  • Stack overflow in the HTTP server.
  • The presence in the firmware of a private key for the SSL certificates, which can be downloaded over HTTPS ("curl https://host/privkeySrv.pem").

On first analysis, the attack surface is not large:
  • only HTTP/HTTPS is listening by default on the LAN
  • It is also possible to enable a telnetd CLI (not reachable by default) on port 23/tcp by using hardcoded credentials in the web administration interface.

In addition, due to the lack of a firewall for IPv6 connectivity, all internal services will be accessible over IPv6 (from the Internet).

Regarding the backdoor identified for telnet activation, the researcher mentions that the http server code contains a special handler for "/telnet" requests, as well as a "/fh" handler for privileged access.

In addition, hardcoded authentication parameters and passwords were found in the firmware. In total, 23 accounts were identified in the http server code, tied to different providers. As for the CLI interface, it is possible to start a separate telnetd process with root privileges on network port 23 by passing a base26 script, in addition to defining a general password "GEPON" for connecting to telnet.
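For operators who want to check whether the handlers and the IPv6 exposure described above are being touched on their network, the following is an added detection sketch, not code from the researcher or from FiberHome. The record format, the LAN prefixes and the sample lines are assumptions constructed for illustration; only the watched paths and port 23/tcp come from the article.

```python
import ipaddress
from urllib.parse import urlsplit

# Request paths named in the article; matched case-insensitively.
WATCHED = {"/telnet": "telnet activation handler",
           "/fh": "privileged-access handler",
           "/privkeysrv.pem": "TLS private key download"}
# Assumption: prefixes that count as the subscriber LAN at this site.
LAN = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "fe80::/10", "fd00::/8")]

# Constructed records: "<source address> <destination port> <request target or ->"
SAMPLE = """\
192.168.1.20 443 /index.html
192.168.1.20 443 /fh
2001:db8:40::7 443 /Telnet?k=v
2001:db8:40::7 23 -
2001:db8:9::c 443 /privkeySrv.pem
2001:db8:9::c 80 /
not-an-address 443 /telnet
"""

def from_lan(addr):
    return any(addr.version == n.version and addr in n for n in LAN)

def classify(record):
    """Return (source, origin, reason) for a suspicious record, else None."""
    try:
        src, port, target = record.split()
        addr, port = ipaddress.ip_address(src), int(port)
    except ValueError:            # malformed line: skip rather than crash
        return None
    origin = "lan" if from_lan(addr) else "external"
    path = urlsplit(target).path.lower().rstrip("/")
    if path in WATCHED:
        return (src, origin, WATCHED[path])
    if port == 23 and origin == "external":
        return (src, origin, "telnet reached from outside the LAN")
    if addr.version == 6 and origin == "external" and port in (80, 443):
        return (src, origin, "management interface reached over IPv6")
    return None

def scan(text):
    return [hit for hit in map(classify, text.splitlines()) if hit]

if __name__ == "__main__":
    for src, origin, reason in scan(SAMPLE):
        print(f"{origin:8} {src:16} {reason}")
```

Requests to the watched paths are reported even from LAN sources, since a hit from inside can indicate a compromised host on the subscriber network.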

Finally, if you are interested in knowing more about it, you can check the following link.

