4G·ÓÉÆ÷¶à¸öÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-08-13

? Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-3411£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º7.5
CVE±àºÅ£ºCVE-2019-3412£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º9.8
CVE±àºÅ£ºCVE-2019-14526£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-14527£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12103£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12104£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


ÖÐÐËMF920


Netgear Nighthawk M1Òƶ¯Â·ÓÉÆ÷


TP-LINK M7350


Îó²î¸ÅÊö


Ñо¿Ö°Ô±ÔÚDEF CON´ó»áÉÏÅû¶ÁË4G·ÓÉÆ÷ÖеĶà¸öÇå¾²Îó²î£¬£¬£¬£¬£¬ÊÜÓ°ÏìµÄÆ·ÅÆ°üÀ¨ÖÐÐË¡¢Netgear¼°TP-LINK¡£¡£¡£ ¡£¡£¡£


ÖÐÐËMF920ÖеÄÎó²î°üÀ¨ÐÅϢй¶Îó²î£¨CVE-2019-3411£©ºÍ´úÂëÖ´ÐÐÎó²î£¨CVE-2019-3412£©¡£¡£¡£ ¡£¡£¡£Netgear Nighthawk M1Òƶ¯Â·ÓÉÆ÷ÖеÄÎó²î°üÀ¨CSRFÎó²î£¨CVE-2019-14526£©¼°Post-AuthÏÂÁî×¢ÈëÎó²î£¨CVE-2019-14527£©¡£¡£¡£ ¡£¡£¡£TP-LINK M7350ÖеÄÎó²î°üÀ¨Pre-AuthÏÂÁî×¢È루CVE-2019-12103£©ÒÔ¼°Post-AuthÏÂÁî×¢È루CVE-2019-12103£©¡£¡£¡£ ¡£¡£¡£


Îó²îÑéÖ¤


POC£ºhttps://github.com/pentestpartners/defcon27-4grouters¡£¡£¡£ ¡£¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒÑÐû²¼Éý¼¶²¹¶¡ÒÔÐÞ¸´Îó²î£¬£¬£¬£¬£¬²¹¶¡»ñÈ¡Á´½Ó£º


ÖÐÐËMF920£ºhttp://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686 


TP-LINK M7350£ºhttps://www.tp-link.com/uk/support/download/m7350/v3/#Firmware


²Î¿¼Á´½Ó


https://www.bleepingcomputer.com/news/security/4g-router-vulnerabilities-let-attackers-take-full-control/