Kumarutha we-FiberHome esetshenziswa abahlinzeki ukuxhuma ababhalisile kulayini wokuxhumana we-GPON optical, Kutholwe izindaba zezokuphepha eziyi-17, okubandakanya ukuba khona kwabangemuva ngezimpawu ezichazwe ngaphambilini evumela ukulawula okukude kwemishini. Izingqinamba zivumela umhlaseli okude ukuthi athole ukufinyelela kwezimpande kudivayisi ngaphandle kokudlulisa ubuqiniso.
Kuze kube manje, ukuba sengozini kuqinisekisiwe kumadivayisi we-FiberHome HG6245D ne-RP2602, kanye nakwamanye amadivayisi we-AN5506-04- *, kepha izingqinamba zingathinta amanye amamodeli we-router avela kule nkampani angakahlolwa.
Kuyabonakala ukuthi, ngokuzenzakalela, ukufinyelela kwe-IPv4 kusixhumi esibonakalayo somlawuli kumadivayisi afundwayo kukhawulelwe kusixhumi esibonakalayo sangaphakathi senethiwekhi, esivumela ukufinyelela kuphela kunethiwekhi yendawo, kodwa ngasikhathi sinye, Ukufinyelela kwe-IPv6 akukhawulelwe nganoma iyiphi indlela, ukuvumela iminyango yangemuva ekhona ukuthi isetshenziswe lapho ufinyelela i-IPv6 kusuka kunethiwekhi yangaphandle.
Ngokungeziwe kusixhumi esibonakalayo sewebhu esebenza ngaphezulu kwe-HTTP / HTTPS, amadivayisi ahlinzeka umsebenzi wokwenza kusebenze okukude kwesibonisi somugqa womyalo, kuso ingatholakala nge-telnet.
I-CLI yenziwe yasebenza ngokuthumela isicelo esikhethekile nge-HTTPS ngezimpawu ezichazwe ngaphambilini. Futhi, kutholakale ubungozi (ukugcwala kwesitaki) kuseva ye-http esebenza i-web interface, yaxhashazwa ngokuthumela isicelo ngenani lekhukhi le-HTTP elakhiwe ngokukhethekile.
Imizila ye-FiberHome HG6245D ngama-GPON FTTH routers. Zisetshenziswa ikakhulukazi eNingizimu Melika naseNingizimu-mpumalanga ye-Asia (kusuka eShodan). Lawa madivayisi eza ngamanani ancintisanayo kepha anamandla amakhulu, anememori nokugcinwa okuningi.
Okunye ukuba sengozini kuhlolwe ngempumelelo kwamanye amadivayisi we-fiberhome (AN5506-04-FA, firmware RP2631, Ephreli 4, 2019). Amadivayisi we-fiberhome anesisekelo sekhodi esilinganayo, ngakho-ke amanye amadivayisi we-fiber home (AN5506-04-FA, AN5506-04-FAT, AN5506-04-F) nawo angaba sengozini.
Ngokuphelele, umcwaningi wakhomba izinkinga zokuphepha eziyi-17, eziyi-7 ezithinta iseva ye-HTTP, 6 kuseva ye-telnet futhi konke okunye kuhlotshaniswa nokwehluleka kohlelo lonke.
Umenzi waziswa ngezinkinga ezikhonjwe onyakeni owedlule, kepha akukho lwazi ngesisombululo olutholakele.
Phakathi kwezinkinga ezihlonziwe yilezi ezilandelayo:
- Imininingwane evuzayo mayelana nama-subnet, i-firmware, i-FTTH ID connection, i-IP ne-MAC amakheli esiteji ngaphambi kokudlulisa ubuqiniso.
- Gcina amaphasiwedi wabasebenzisi kwirejista ngombhalo ocacile.
- Ukugcina umbhalo ongenalutho wokuqinisekisa ukuxhuma kumanethiwekhi angenazintambo namaphasiwedi.
- Ukugcwala kwesitaki kuseva ye-HTTP.
- Ubukhona ku-firmware yokhiye oyimfihlo wezitifiketi ze-SSL, ezingalandwa nge-HTTPS ("curl https: //host/privkeySrv.pem").
Ekuhlaziyweni kokuqala, indawo yokuhlasela ayinkulu:
- - yi-HTTP / HTTPS kuphela elalela ngokuzenzakalela ku-LAN
- - Kungenzeka futhi ukunika amandla i-telnetd CLI (engatholakali ngokuzenzakalela) ethekwini 23 / tcp ngokusebenzisa iziqinisekiso ezinamakhodi aqinile kusixhumi esibonakalayo sokuphathwa kwewebhu.Futhi, ngenxa yokushoda kwe-firewall yokuxhuma kwe-IPv6, zonke izinsizakalo zangaphakathi zizotholakala nge-IPv6 (evela kwi-Intanethi).
Mayelana nomnyango ongemuva okhonjelwe ukusebenza kwetelnet, umcwaningi usho lokho Ikhodi yeseva ye-http iqukethe isiphathi sesicelo esikhethekile "/ I-Telnet", kanye nesiphathi se "/ fh" sokuthola ilungelo elikhethekile.
Ngokwengeziwe, kutholwe imingcele yokuqinisekisa enekhodi enzima namaphasiwedi ku-firmware. Sekukonke, ama-akhawunti angama-23 atholwa kukhodi yeseva ye-http, exhunywe kubahlinzeki abahlukahlukene. Ngokuqondene nesixhumi esibonakalayo se-CLI, kungenzeka ukuqala inqubo ehlukile ye-telnetd enamalungelo ezimpande ethekwini yenethiwekhi 26 ngokudlulisa iskripthi se-base64 ngaphezu kokuchazwa kwephasiwedi ejwayelekile "GEPON" yokuxhuma ku-telnet.
Ekugcineni uma unentshisekelo yokwazi okwengeziwe ngakho, unga hlola isixhumanisi esilandelayo.