4G·ÓÉÆ÷¶à¸ö·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-08-13

? ·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-3411£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬CVSS·ÖÖµ£º7.5
CVE±àºÅ£ºCVE-2019-3412£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬CVSS·ÖÖµ£º9.8
CVE±àºÅ£ºCVE-2019-14526£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-14527£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12103£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12104£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


ÖÐÐËMF920


Netgear Nighthawk M1Òƶ¯Â·ÓÉÆ÷


TP-LINK M7350


·ì϶¸ÅÊö


×êÑÐÈËÔ±ÔÚDEF CON´ó»áÉÏÅû¶ÁË4G·ÓÉÆ÷ÖеĶà¸ö°²È«·ì϶£¬ÊÜÓ°ÏìµÄÆ·ÅÆÔ̺¬ÖÐÐË¡¢Netgear¼°TP-LINK¡£


ÖÐÐËMF920Öеķì϶Ô̺¬ÐÅϢй¶·ì϶£¨CVE-2019-3411£©ºÍ´úÂëÖ´Ðзì϶£¨CVE-2019-3412£©¡£Netgear Nighthawk M1Òƶ¯Â·ÓÉÆ÷Öеķì϶Ô̺¬CSRF·ì϶£¨CVE-2019-14526£©¼°Post-AuthºÅÁî×¢Èë·ì϶£¨CVE-2019-14527£©¡£TP-LINK M7350Öеķì϶Ô̺¬Pre-AuthºÅÁî×¢È루CVE-2019-12103£©ÒÔ¼°Post-AuthºÅÁî×¢È루CVE-2019-12103£©¡£


·ì϶ÑéÖ¤


POC£ºhttps://github.com/pentestpartners/defcon27-4grouters¡£


½¨¸´½¨Òé


Ä¿Ç°³§ÉÌÒÑ°ä²¼Éý¼¶²¹¶¡ÒÔ½¨¸´·ì϶£¬²¹¶¡»ñÈ¡Á´½Ó£º


ÖÐÐËMF920£ºhttp://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686 


TP-LINK M7350£ºhttps://www.tp-link.com/uk/support/download/m7350/v3/#Firmware


²Î¿¼Á´½Ó


https://www.bleepingcomputer.com/news/security/4g-router-vulnerabilities-let-attackers-take-full-control/