محققان دانشگاه مادرید اسامی 22 روتر آسیب پذیر را منتشر کردند.
از روترهایی مانند D-Link DSL-2750B تا Linksys WRT54GL در تست امنیتی نتوانستند جوازهای لازم را دریافت کنند.
بر این اساس این دستگاهها زیر حملاتی مانند XSS، CSRF، DOS و بای پس شدن تأییدیه ورود مقاومت نکردند و به همین خاطر نفوذ پذیر اعلام شدند.
گفتنی است این روترها هم خانگی و هم تجاری محسوب میشوند.
اسامی روترها و نوع آسیب پذیریشان به شرح زیر است:
1. Observa Telecom AW4062
2. Comtrend WAP-5813n
3. Comtrend CT-5365
4. D-Link DSL-2750B
5. Belkin F5D7632-4
6. Sagem LiveBox Pro 2 SP
7. Amper Xavi 7968 and 7968+
8. Sagem Fast 1201
9. Linksys WRT54GL
10. Observa Telecom RTA01N
11. Observa Telecom Home Station BHS-RTA
12. Observa Telecom VH4032N
13. Huawei HG553
14. Huawei HG556a
15. Astoria ARV7510
16. Amper ASL-26555
17. Comtrend AR-5387un
18. Netgear CG3100D
19. Comtrend VG-8050
20. Zyxel P 660HW-B1A
21. Comtrend 536+
22. D-Link DIR-600
2. Comtrend WAP-5813n
3. Comtrend CT-5365
4. D-Link DSL-2750B
5. Belkin F5D7632-4
6. Sagem LiveBox Pro 2 SP
7. Amper Xavi 7968 and 7968+
8. Sagem Fast 1201
9. Linksys WRT54GL
10. Observa Telecom RTA01N
11. Observa Telecom Home Station BHS-RTA
12. Observa Telecom VH4032N
13. Huawei HG553
14. Huawei HG556a
15. Astoria ARV7510
16. Amper ASL-26555
17. Comtrend AR-5387un
18. Netgear CG3100D
19. Comtrend VG-8050
20. Zyxel P 660HW-B1A
21. Comtrend 536+
22. D-Link DIR-600
The aforementioned vulnerabilities are:
– Persistent Cross Site Scripting (XSS) on #1, #2, #3, #6, #10, #12, #13,
#14, #16, #17, #18, #19 and #20.
– Unauthenticated Cross Site Scripting on #3, #7, #8, #9, #10, #14, #16,
#17 and #19.
– Cross Site Request Forgery (CSRF) on #1, #2, #3, #5, #10, #12, #13, #14,
#15, #16, #18 and #20.
– Denial of Service (DoS) on #1, #5 and #10.
– Privilege Escalation on #1.
– Information Disclosure on #4 and #11.
– Backdoor on #10.
– Bypass Authentication using SMB Symlinks on #12.
– USB Device Bypass Authentication on #12, #13, #14 and #15.
– Bypass Authentication on #13 and #14.
– Universal Plug and Play related vulnerabilities on #2, #3, #4, #5, #6,
#7, #10, #11, #12, #13, #14, #16, #21 and #22.
– Persistent Cross Site Scripting (XSS) on #1, #2, #3, #6, #10, #12, #13,
#14, #16, #17, #18, #19 and #20.
– Unauthenticated Cross Site Scripting on #3, #7, #8, #9, #10, #14, #16,
#17 and #19.
– Cross Site Request Forgery (CSRF) on #1, #2, #3, #5, #10, #12, #13, #14,
#15, #16, #18 and #20.
– Denial of Service (DoS) on #1, #5 and #10.
– Privilege Escalation on #1.
– Information Disclosure on #4 and #11.
– Backdoor on #10.
– Bypass Authentication using SMB Symlinks on #12.
– USB Device Bypass Authentication on #12, #13, #14 and #15.
– Bypass Authentication on #13 and #14.
– Universal Plug and Play related vulnerabilities on #2, #3, #4, #5, #6,
#7, #10, #11, #12, #13, #14, #16, #21 and #22.
خبرآنلاین
