多个DrayTek路由器/防火墙产品中最近存在一个漏洞(CVE-2020-8515),该漏洞使未经身份验证的用户可以通过远程访问管理页面来轻松获得root用户访问权限。通常,在我购买DrayTek Vigor2862路由器后不久就会发生。
资料来源:
https://nvd.nist.gov/vuln/detail/CVE-2020-8515
https://www.skullarmy.net/2020/01/draytek-unauthenticated-rce-in-draytek.html
https://packetstormsecurity.com/files/156979/DrayTek-Vigor2960-Vigor3900-Vigor300B-Remote-Command-Execution.html
https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515)/
https://www.draytek.com/about/security-advisory
墙纸:https://www.pling.com/p/1374077/
喜欢我的频道吗?请帮助支持它:
Patreon:https://www.patreon.com/quidsup
贝宝:https://www.paypal.me/quidsup
在社交媒体上关注我
推特:https://twitter.com/quidsup
MeWe:https://mewe.com/i/quidsup
介意:https://minds.com/quidsup
#DrayTek#漏洞#CyberSecurity。
Affiliate link for the DrayTek Vigor2862AC router I purchased: https://www.amazon.co.uk/gp/product/B076JMFRBM/ref=as_li_tl?ie=UTF8&camp=1634&creative=6738&creativeASIN=B076JMFRBM&linkCode=as2&tag=quidsup-21&linkId=c3aa2f854e22fcfc4d38d15c56d64cd9
How does OpenWRT compare?
Gotta love buying brand new products only to find them vulnerable to exploits 😀 in any case, good on DrayTek to make it right. I'm due for a router upgrade, might have to give them a try!
I'm a little shocked you aren't running pfSense / OPNSense on your router. You don't even need an insane hardware, just get an old PC, a dual NIC Intel NUC or MintBox or AMD embedded CPU equivalent, or build your own low power consumption one with cheap Celeron quad-cores (they are based on Atom architecture) or a little more expensive Celeron dual cores (based on typical desktop architecture, like core i's). Then use an old router in bridge mode just as an access point (or even leave it like you normally do, but behind pfSense). You can then install the Snort or Suricata plugins on pfSense and inspect the traffic coming to your home. I'm pretty sure you will be absolutely bombarded with questions and recommendations involving pfSense / OPNSense. Well, if you ask me, it only takes 15-30 minutes to read a little about it and plan a router build (there are lots of people doing content around it).
Hello, How to setup DDClient – Dynamic DNS IP Updater for Freebsd on mode text Ok.. thank you – and I wait your return .
I recently switched my setup from a Deutsche Telekom Business Router (Actually made by bintec-elmeg) to a Turris Omnia 2019 in combination with a DrayTek VDSL Router / Modem. DrayTek has really nice resources for help and works really well for me.
Who exposes their web admin ports on the internet anyway? An L2TP-IPsec VPN will be better. However, this vulnerability might be exploitable if an attacker infiltrates a host within the LAN.
I'm just curious why you wouldn't go for a pfsense or opensense solution? Simply didn't want to set it up?
Why not something from Mikrotik? They fix vulnerabilities quickly and lifetime updates.
Edit: I see… you have DSL.
I would wanted to watch some real exploitation..
Why not just make a pfsense router?