15.8 C
London
Friday, August 18, 2017
Home Tags CGI

Tag: CGI

Visceral action, witty dialogue, and more old iPods than you've seen in years.
“Full conversion wasn't necessary, though it will be in time.” So, pucker up!
WiMAX routers from several vendors making use of a custom httpd plugin for libmtk are vulnerable to an authentication bypass allowing a remote,unauthenticated attacker to change the administrator password on the device.
Brother confirms existing footage, not CGI, will be used to complete Episode IX.
New service puts logic closer to users, aims to be "global load balancer" for apps.
This average action film looks so much worse through the lens of its original form.
It’s also one of the best X-Men movies, period.
Several models of Hughes high-performance broadband satellite modems are potentially vulnerable to several issues if not appropriately configured.
Networking device manufacturer Netgear released firmware updates for several router models in order to patch a critical vulnerability that’s publicly known and could be exploited by hackers. The vulnerability was disclosed by a researcher Friday and affects multiple Netgear router models, many from the company’s Nighthawk series.

The company initially confirmed the flaw in three models—R6400, R7000, R8000—but it has since expanded the list to include five more. The models confirmed to be affected so far are: R6250, R6400, R6700, R7000, R7100LG, R7300, R7900, and R8000.

This list might not be complete as Netgear continues to analyze the flaw’s impact to its entire router portfolio. The company is working on firmware updates for all affected router models, but for now it only released beta versions for R6400, R7000, and R8000.

Beta firmware versions for some of the remaining models will be released as early as Tuesday, the company said in an advisory. “This beta firmware has not been fully tested and might not work for all users,” the company said in its advisory. “Netgear is offering this beta firmware release as a temporary solution, but Netgear strongly recommends that all users download the production version of the firmware release as soon as it is available.” The vulnerability allows attackers to execute arbitrary shell commands on affected devices by sending maliciously crafted HTTP requests to their web-based management interfaces.

The U.S.

CERT Coordination Center (CERT/CC) at Carnegie Mellon University rated the flaw as critical, assigning it a score of 9.3 out of 10 in the Common Vulnerability Scoring System (CVSS). Until a firmware update becomes available for their routers, users can use a workaround that actually exploits the vulnerability in order to stop the router’s web server and prevent further exploitation.

This can be done by accessing http://[router_IP_address]/cgi-bin/;killall$IFS’httpd’ in a browser from a computer on the same network as the router, but the mitigation only lasts until the device is rebooted.
Command-injection hole can only be closed by killing web server – or the whole thing Owners of three models of Netgear routers are being advised to exploit a security hole in their broadband boxes to, er, temporarily close said hole.

The alternative is to switch off the boxes until a firmware update lands. Netgear says that the R6400, R7000, and R8000 series routers are all vulnerable to CVE-2016-582384, a command-injection bug that is trivial to exploit: you simply have to trick someone on the router's local network into opening a booby-trapped webpage. We're told R7500, R7800, R8500 and R9000 models are also at-risk. An attacker could direct a victim to a malicious website that abuses the design flaw, or malware on the network could connect to the vulnerable box and exploit the vulnerability directly.

The end result is countless routers potentially being silently meddled with or infected and hijacked. Due to a major bug in the way the routers' builtin HTTP server parses requests, you can inject commands into a box by fetching the following URL: http://<router_IP>/cgi-bin/;COMMAND The web server code executes the given command string effectively as the root user; the underlying operating system is BusyBox Linux.
So, if one of the affected models is usually on the local IP address 192.168.0.1, for example, then the following HTML embedded in a webpage will force a reboot when someone on the LAN visits that page – effectively creating a denial-of-service: <img src="http://192.168.0.1/cgi-bin/;reboot" alt=""> US-CERT says an exploit targeting the flaw has already been publicly disclosed. "Exploiting this vulnerability is trivial," the security bods caution. "Users who have the option of doing so should strongly consider discontinuing use of affected devices until a fix is made available." Administrators, meanwhile, are less than thrilled with Netgear for its security miscue. Are you shitting me @netgear. (Exploit by @Acew0rm1) pic.twitter.com/Y6hLuF0AEv — SwiftOnSecurity (@SwiftOnSecurity) December 11, 2016 Security researcher Acew0rm was credited with discovering and disclosing the flaw over the weekend, as well as developing the proof-of-concept exploit. We're told Ace warned Netgear about this issue months ago but seemingly nothing was done about it. While Netgear says it is still working on a firmware fix for the flaw, US-CERT says the hole can be closed by disabling the router's web server feature with the following URL: http://<router_IP>/cgi-bin/;killall$IFS'httpd' That request, which exploits the vulnerability itself, disables the builtin HTTP server that is used to administer the device.
In other words, customers are being urged to lightly hack their own boxes before an attacker can exploit it for nefarious ends. US-CERT notes that after executing the command, users will be unable to manage or control the router via the HTTP server until the box is rebooted or power cycled.

A software fix is needed from Netgear to permanently squash the bug. "We appreciate and value having security concerns brought to our attention. Netgear constantly monitors for both known and unknown threats," Netgear said in its alert. "Being pro-active rather than re-active to emerging security issues is fundamental for product support at Netgear." ® Sponsored: Customer Identity and Access Management
EnlargeSinchen.Lin reader comments 41 Share this story A variety of Netgear router models are vulnerable to a simple hack that allows attackers to take almost complete control of the devices, security experts warned over the weekend. The critical b...
Several models of Netgear routers are affected by a publicly disclosed vulnerability that could allow hackers to take them over. An exploit for the vulnerability was published Friday by a researcher who uses the online handle Acew0rm. He claims that he reported the flaw to Netgear in August, but didn’t hear back. The issue stems from improper input sanitization in a form in the router’s web-based management interface and allows the injection and execution of arbitrary shell commands on an affected device. The U.S.

CERT Coordination Center (CERT/CC) at Carnegie Mellon University rated the flaw as critical, assigning it a score of 9.3 out of 10 in the Common Vulnerability Scoring System (CVSS). Netgear confirmed the vulnerability over the weekend and said that its R7000, R6400, and R8000 routers might be vulnerable. However, another researcher performed a test and reported that other routers from Netgear’s Nighthawk line are also affected.

These include: R7000, R7000P, R7500, R7800, R8500, and R9000. Users can check if their models are affected by accessing the following URL in a browser when connected to their local area network (LAN): http://[router_ip_address]/cgi-bin/;uname$IFS-a .
If this shows any information other than a error or a blank page, the router is likely affected. In some cases, replacing the IP address with www.routerlogin.net or www.routerlogin.com might also work, because Netgear routers resolve these domains names to their own local IP address. Since the vulnerability can be exploited with an HTTP request that doesn’t require authentication, hackers can attack the affected routers using cross-site request forgery attacks (CSRF).

This works even when the routers don’t have their management interfaces exposed to the Internet. CSRF attacks hijack users’ browsers when visiting specifically crafted webpages and send unauthorized requests through them.

This makes it possible for a malicious website to force a user’s browser to exploit the router over the LAN. CERT/CC recommends that users stop using the affected routers until an official patch becomes available, if they can do so. However, there is a workaround that involves exploiting the flaw to stop the router’s web server and prevent future attacks.

This can be done with the following command: http://[router_IP_address]/cgi-bin/;killall$IFS’httpd’ . Because the web server will be shut down, the management interface will no longer be available and further attempts to exploit the vulnerability will fail, but this is only a temporary solution and needs to be reapplied every time the router is rebooted. In order to protect themselves from CSRF attacks against routers in general, users should change their router’s default IP address. Most of the time, routers will be assigned the first address in a predefined netblock, for example 192.168.0.1, and these are the addresses that hackers will try to attack via CSRF. Routers have become an attractive target for hackers in recent years as they can be used to spy on user traffic and launch other attacks. Most commonly they are infected with malware and used in distributed denial-of-service (DDoS) campaigns. There are many steps that users can take to improve the security of their routers and make it less likely that they will get hacked.