4G·ÓÉÆ÷¶à¸ö·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-08-13

? ·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-3411 £¬£¬ £¬£¬£¬£¬ £¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬£¬ £¬£¬£¬£¬ £¬£¬CVSS·ÖÖµ£º7.5
CVE±àºÅ£ºCVE-2019-3412 £¬£¬ £¬£¬£¬£¬ £¬£¬Î£ÏÕ¼¶±ð£ºÑϳÁ £¬£¬ £¬£¬£¬£¬ £¬£¬CVSS·ÖÖµ£º9.8
CVE±àºÅ£ºCVE-2019-14526 £¬£¬ £¬£¬£¬£¬ £¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬£¬ £¬£¬£¬£¬ £¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-14527 £¬£¬ £¬£¬£¬£¬ £¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬£¬ £¬£¬£¬£¬ £¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12103 £¬£¬ £¬£¬£¬£¬ £¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬£¬ £¬£¬£¬£¬ £¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12104 £¬£¬ £¬£¬£¬£¬ £¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬£¬ £¬£¬£¬£¬ £¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


ÖÐÐËMF920


Netgear Nighthawk M1Òƶ¯Â·ÓÉÆ÷


TP-LINK M7350


·ì϶¸ÅÊö


×êÑÐÈËÔ±ÔÚDEF CON´ó»áÉÏÅû¶ÁË4G·ÓÉÆ÷ÖеĶà¸ö°²È«·ì϶ £¬£¬ £¬£¬£¬£¬ £¬£¬ÊÜÓ°ÏìµÄÆ·ÅÆÔ̺¬ÖÐÐË¡¢Netgear¼°TP-LINK¡£¡£¡£¡£¡£¡£


ÖÐÐËMF920Öеķì϶Ô̺¬ÐÅϢй¶·ì϶£¨CVE-2019-3411£©ºÍ´úÂëÖ´Ðзì϶£¨CVE-2019-3412£©¡£¡£¡£¡£¡£¡£Netgear Nighthawk M1Òƶ¯Â·ÓÉÆ÷Öеķì϶Ô̺¬CSRF·ì϶£¨CVE-2019-14526£©¼°Post-AuthºÅÁî×¢Èë·ì϶£¨CVE-2019-14527£©¡£¡£¡£¡£¡£¡£TP-LINK M7350Öеķì϶Ô̺¬Pre-AuthºÅÁî×¢È루CVE-2019-12103£©ÒÔ¼°Post-AuthºÅÁî×¢È루CVE-2019-12103£©¡£¡£¡£¡£¡£¡£


·ì϶ÑéÖ¤


POC£ºhttps://github.com/pentestpartners/defcon27-4grouters¡£¡£¡£¡£¡£¡£


½¨¸´½¨Òé


Ä¿Ç°³§ÉÌÒÑ°ä²¼Éý¼¶²¹¶¡ÒÔ½¨¸´·ì϶ £¬£¬ £¬£¬£¬£¬ £¬£¬²¹¶¡»ñÈ¡Á´½Ó£º


ÖÐÐËMF920£ºhttp://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686 


TP-LINK M7350£ºhttps://www.tp-link.com/uk/support/download/m7350/v3/#Firmware


²Î¿¼Á´½Ó


https://www.bleepingcomputer.com/news/security/4g-router-vulnerabilities-let-attackers-take-full-control/