TOTOLINK, the Chinese-made router brand with 80% market share in South Korea, reported to contain a backdoor

http://unwire.pro/2015/07/23/made-in-china-router-totolink-backdoor/

https://threatpost.com/totolink-routers-plagued-by-xss-csrf-rce-bugs/113816

That said:
TotoLink actually updated the firmware for a dozen different router models this past Monday. While the two researchers point out the company appears to have silently fixed the HTTP RCE in the A2004NS and EX750 routers, the issues in the other routers still remain.


I've switched to the Korean version; I wonder which version would be safe?


I thought it was just vulnerabilities, but it turns out there really is a backdoor:

http://pierrekim.github.io/blog/ ... OLINK-products.html


I've switched to the Korean version; I wonder which version would be safe?
hkocx posted on 2015-7-23 19:26



totolink is a Korean ("kimchi") product to begin with.... using the Korean FW might be even worse


Actually, didn't iptime firmware 9.58 for the 2004ns already fix this a long time ago?

http://www.hkepc.com/forum/viewt ... mp;highlight=iptime
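Firmware information
◾ Firmware version: 9.58
◾ Firmware status: Full version
◾ Firmware files: Korean - a2004ns_kr_9_58.bin / English - a2004ns_en_9_58.bin
Added a malicious script access protection (CSRF) feature
     - The router's settings page can only be reached through the internal IP / WAN IP / DDNS hostname configured on the router.
     - To reach it through a different hostname, the domain name to be allowed must be added under
     [Security Settings] -> [Other Security Settings] -> [Malicious Script Access Protection].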
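
The hostname allowlist that the 9.58 changelog above describes, sketched as an added example; it is not the vendor's code and not from any poster in this thread. The addresses, hostnames and the extra Origin/Referer check are assumptions made for illustration.

```python
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample configuration (assumed values, not from the thread or the vendor).
ROUTER = {
    "lan_ip": "192.168.0.1",
    "wan_ip": "203.0.113.7",
    "ddns": "myrouter.ddns.example",
    "extra_allowed": {"admin.home.example"},  # domains the owner added by hand
}

def canon(host):
    """Lowercase, drop a trailing dot, and normalize IP literals."""
    host = host.rstrip(".").lower()
    try:
        return str(ip_address(host))
    except ValueError:
        return host

def host_of(value):
    """Hostname from a Host header or an Origin/Referer URL; None if absent or malformed."""
    if not value:
        return None
    try:
        name = urlsplit(value if "//" in value else "//" + value).hostname
    except ValueError:  # e.g. unbalanced IPv6 brackets
        return None
    return canon(name) if name else None

def accept(headers, cfg=ROUTER):
    """Serve the settings page only when Host (and Origin/Referer, if sent) is allowlisted."""
    allow = {canon(h) for h in (cfg["lan_ip"], cfg["wan_ip"], cfg["ddns"], *cfg["extra_allowed"])}
    if host_of(headers.get("Host")) not in allow:
        return False  # page was reached under a name the router does not know
    for name in ("Origin", "Referer"):
        if name in headers and host_of(headers[name]) not in allow:
            return False  # request was triggered from a page on another site
    return True
```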


iptime 2004ns Firmware Version: 9.72
http://iptime.com/iptime/?uid=16 ... ment&page_id=16

Changes:
1) DHCP-related security issues resolved (discoverer: Pierre Kim)
2) Page breakage occurs when troubleshooting connection management page, etc. Smart phones and pads


iptime 2004ns Firmware Version: 9.72


Changes:
1) DHCP-related security issues resolved (discover ...
Livermore posted on 2015-7-23 20:23


I can't read the Korean version, and they won't release an English one


Recording things just like Xiaomi does. Never using them again


I thought it was just vulnerabilities, but it turns out there really is a backdoor:
smoke_cheese posted on 2015-7-23 19:31


It affects 4 TOTOLINK products (firmwares come from totolink.net and from totolink.cn):

- G150R-V1 : last firmware 1.0.0-B20150330 (TOTOLINK-G150R-V1.0.0-B20150330.1734.web)
- G300R-V1 : last firmware 1.0.0-B20150330 (TOTOLINK-G300R-V1.0.0-B20150330.1816.web)
- N150RH-V1 : last firmware 1.0.0-B20131219 (TOTOLINK-N150RH-V1.0.0-B20131219.1014.web)
- N301RT-V1 : last firmware 1.0.0 (TOTOLINK N301RT_V1.0.0.web)
