¡¾Îó²îͨ¸æ¡¿Netgear Circle Ô¶³Ì´úÂëÖ´ÐÐÎó²î£¨CVE-2021-40847£©
Ðû²¼Ê±¼ä 2021-09-220x00 Îó²î¸ÅÊö
CVE ID | CVE-2021-40847 | ʱ ¼ä | 2021-09-20 |
Àà ÐÍ | RCE | µÈ ¼¶ | ¸ßΣ |
Ô¶³ÌʹÓà | ÊÇ | Ó°Ïì¹æÄ£ | |
¹¥»÷ÖØÆ¯ºó | ¸ß | ¿ÉÓÃÐÔ | ¸ß |
Óû§½»»¥ | ÎÞ | ËùÐèȨÏÞ | ÎÞ |
PoC/EXP | ÒѹûÕæ | ÔÚҰʹÓà |
0x01 Îó²îÏêÇé
2021Äê9ÔÂ20ÈÕ£¬£¬£¬£¬£¬£¬NetgearÐû²¼Ç徲ͨ¸æ£¬£¬£¬£¬£¬£¬ÐÞ¸´ÁËÔÚCircle parental control service£¨Circle¼Ò³¤¿ØÖÆÐ§ÀÍ£©Öз¢Ã÷µÄÒ»¸öÔ¶³Ì´úÂëÖ´ÐÐÎó²î£¨CVE-2021-40847£©£¬£¬£¬£¬£¬£¬¸ÃÎó²îµÄCVSSv3ÆÀ·ÖΪ8.1¡£¡£¡£
Circle¼Ò³¤¿ØÖÆÐ§ÀÍÔÚ¶àÖÖNetgearСÐͰ칫ÊÒ/¼ÒÍ¥°ì¹«ÊÒ£¨SOHO£©×°±¸ÉÏÒÔ root ȨÏÞÔËÐС£¡£¡£ÓÉÓÚNetgear·ÓÉÆ÷ÉϵÄCircle¼Ò³¤¿ØÖÆÐ§Àͱ£´æ²»Çå¾²µÄ¸üÐÂÀú³Ì£¬£¬£¬£¬£¬£¬¾ßÓÐÍøÂç»á¼ûȨÏÞµÄÔ¶³Ì¹¥»÷Õß¿ÉÒÔͨ¹ýÖÐÐÄÈË£¨MitM£©¹¥»÷ÒÔrootȨÏÞÔ¶³ÌÖ´ÐдúÂë¡£¡£¡£
ËäÈ»¼Ò³¤¿ØÖÆ×Ô¼ºÔÚ·ÓÉÆ÷ÉÏĬÈÏûÓÐÆôÓ㬣¬£¬£¬£¬£¬µ«CircleµÄ¸üÐÂÊØ»¤Àú³ÌĬÈÏÊÇÆôÓõġ£¡£¡£¸ÃÊØ»¤³ÌÐòÅþÁ¬µ½CircleºÍNETGEAR£¬£¬£¬£¬£¬£¬ÒÔ»ñµÃ°æ±¾ÐÅÏ¢ºÍcircledÊØ»¤³ÌÐò¼°Æä¹ýÂËÊý¾Ý¿âµÄ¸üС£¡£¡£È»¶ø£¬£¬£¬£¬£¬£¬NETGEARµÄÊý¾Ý¿â¸üÐÂÊÇûÓÐÊðÃûµÄ£¬£¬£¬£¬£¬£¬²¢Í¨¹ýÃ÷ÎÄHTTPÏÂÔØ¡£¡£¡£Òò´Ë£¬£¬£¬£¬£¬£¬Äܹ»¶Ô×°±¸¾ÙÐÐMitM¹¥»÷µÄ¹¥»÷Õß¿ÉÒÔÓöñÒâÖÆ×÷µÄѹËõÊý¾Ý¿âÎļþÏìÓ¦circled¸üÐÂÇëÇ󣬣¬£¬£¬£¬£¬ÌáÈ¡¸ÃÎļþºó£¬£¬£¬£¬£¬£¬¹¥»÷Õß¿ÉÒÔÓÿØÖƵĴúÂëÁýÕÖ¿ÉÖ´ÐÐÎļþ¡£¡£¡£Ö®ºó£¬£¬£¬£¬£¬£¬¹¥»÷Õß¿ÉÒÔÍêÈ«¿ØÖÆÍ¨¹ýÊÜѬȾ·ÓÉÆ÷µÄÍøÂçÁ÷Á¿£¬£¬£¬£¬£¬£¬´Ó¶ø¶ÁÈ¡ÓëÆäËü×°±¸½»Á÷µÄ¼ÓÃÜÊý¾Ý£¬£¬£¬£¬£¬£¬ÉõÖÁ¿ÉÒÔͨ¹ý¹¥»÷Á´ÆÆËðISP»òÆóÒµÍøÂç¡£¡£¡£
Ó°Ïì¹æÄ£
0x02 ´¦Öóͷ£½¨Òé
ÏÖÔÚ¸ÃÎó²îÒѾÐÞ¸´£¬£¬£¬£¬£¬£¬½¨ÒéÊÜÓ°ÏìµÄÓû§ÊµÊ±Éý¼¶¸üС£¡£¡£
NETGEAR ²úÆ·ÏÂÔØ×îй̼þ£º
1.»á¼ûNETGEAR Ö§³Ö¡£¡£¡£
2.ÔÚËÑË÷¿òÖÐÊäÈëÄúµÄÐͺţ¬£¬£¬£¬£¬£¬È»ºóÔÚÏÂÀ²Ëµ¥ÖÐÑ¡ÔñÄúµÄÐͺ𣡣¡£
ÈôÊÇÄúûÓп´µ½ÏÂÀ²Ëµ¥£¬£¬£¬£¬£¬£¬ÇëÈ·±£ÄúÊäÈëÁË׼ȷµÄÐͺţ¬£¬£¬£¬£¬£¬»òÕßÑ¡ÔñÒ»¸ö²úÆ·ÖÖ±ðÀ´ä¯ÀÀÄúµÄ²úÆ·Ðͺ𣡣¡£
3.µ¥»÷ÏÂÔØ¡£¡£¡£
4.ÔÚÄ¿½ñ°æ±¾Ï£¬£¬£¬£¬£¬£¬Ñ¡ÔñÎÊÌâÒԹ̼þ°æ±¾¿ªÍ·µÄµÚÒ»¸öÏÂÔØ¡£¡£¡£
5.µ¥»÷¿¯ÐÐ˵Ã÷¡£¡£¡£
6.ƾ֤¹Ì¼þ¿¯ÐÐ˵Ã÷ÖеÄ˵Ã÷ÏÂÔØ²¢×°ÖÃй̼þ¡£¡£¡£
ÏÂÔØÁ´½Ó£º
https://www.netgear.com/support/
0x03 ²Î¿¼Á´½Ó
https://kb.netgear.com/000064039/Security-Advisory-for-Remote-Code-Execution-on-Some-Routers-PSV-2021-0204
https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html
https://www.bleepingcomputer.com/news/security/netgear-fixes-dangerous-code-execution-bug-in-multiple-routers/
0x04 ¸üа汾
°æ±¾ | ÈÕÆÚ | ÐÞ¸ÄÄÚÈÝ |
V1.0 | 2021-09-22 | Ê×´ÎÐû²¼ |
0x05 Îĵµ¸½Â¼
CNVD£ºwww.cnvd.org.cn
CNNVD£ºwww.cnnvd.org.cn
CVE£ºcve.mitre.org
CVSS£ºwww.first.org
NVD£ºnvd.nist.gov
0x06 ¹ØÓÚ¼øºÚµ£±£Íø
¹Ø×¢ÒÔϹ«Öںţ¬£¬£¬£¬£¬£¬»ñÈ¡¸ü¶à×ÊѶ£º