Media article
Multiple vulnerabilities in Buffalo Wi-Fi routers
Twitter comments: 1 to 100 of 101
I got caught by the CVE-2021-3511 one.
I kept using it out of a "waste not" mindset, and this is what happens.
If you have used one for years because it still works despite its age and reconfiguring is a hassle, check your model number.
JVNVU: Multiple vulnerabilities in Buffalo routers
Remote-work folks,
please be careful.
ãã©ãã£ãé
ä¿¡äžã«ã¢ãããããã¢ãã¯ããã§ããä»ã«ããã䜿ã£ãŠã人ããããã¢ãããè²·ãæ¿ãæ°ãã€ããŠãâŠã
Is this the cause…?
This information is 3 days old, so apologies if you already know about it.
ãã£ããããŠãããã¡ã®WiFiããããã¡ããŒãªãã ããã察象æ©åšãããªãã£ããã©10幎ãããåã®ã€ãã ããµããŒãã®é¢ä¿ã§èª¿æ»ãããŠãªãã ãã£ãŠèœã¡ãããããããšããããšã§ããããè²·ãæ¿ãæã§ã¯ãããè¯ããã®ãããã°æãåã£ãŠæ°ããããŠããŸãããšæãã
Mine was affected.
It's an old router, and luckily firmware was available, but if there hadn't been any I would have had to rush out and get a new one...
Well, maybe that would have been just as well, since it would have given me a reason to get a new one.
Surely nobody is still using gear without 11n support; models that are around 15 years old, well...
ãŸã ããã·ã§ããããã£ãé ã«ãªããS/Nåãåã£ãŠçŠè¢ã«å
¥ã£ãŠããã§OpenWRTå
¥ããŠã¡ãã£ãšäœ¿ã£ãããã®ãåºã®çŠè¢ã¯ã¡ãã£ãšæ¥œããã£ãã ïŒ
Going to buy one this afternoon. It has been about 10 years since I last replaced it, after all.
New post: [Want to read later!]
I'm not using one, but I do have one lying around lol
ããïŒé£äŒã«ã³ã¬ããïŒ
Of the two vulnerabilities, the routers affected by CVE-2021-20716 are out of support and will not receive an update. Check your model and replace it →
The Buffalo units at my home are Buffalo in hardware only; inside they are all running DD-WRT or OpenWRT, so no problem.
dropbear SSH access (key authentication) is enabled.
I checked in a hurry, but mine was not affected.
I have a feeling there is one I stopped using in the storeroom.
Multiple vulnerabilities in Buffalo Wi-Fi routers: replace out-of-support devices promptly
There seem to be a lot of Buffalo users, so take note.
Article written by shimajiro.
A memo to myself.
If you use one, a firmware update is required.
Please check your model number.
Ours is not on the affected list, but it is about time to replace it anyway.
Also, the six or so units I picked up as JUNK to use for other purposes are still sitting idle.
ïŒÂŽ-`ïŒ.oOïŒã»ããã¢ããããã©ããã ããâŠ
ïŸïŸïŸïŸïœºïŸïœ²
[Tip] Basically, applying the latest patch is sufficient, but no patch will be provided for devices whose support has ended
They are urging users to stop using those devices and buy replacement products
BHR-4GRV䜿ã£ãŠãŠä¹
ãã¶ãã«ãã¡ãŒã ã¢ããããããã ãã©ããããChangeLogã«ã¯ã»ãã¥ãªãã£ã¢ããããŒãã¯æžããŠãªããã©ãã¿ã€ãã³ã°çã«ãã¶ããããªãã ãšæãã
ããã
Ours was not affected. Good.
---
Among the models covered by CVE-2021-20716 that are out of product support and will get no update is a lineup of nostalgic, fossil-like models…
As a permanent measure, Buffalo recommends stopping use of the affected products and migrating to replacement products.
Affected products are the BHR-4RV, FS-G54, WBR2-B11, WBR2-G54, WBR2-G54-KD, WBR-B11, WBR-G54, WBR-G54L, WHR2-A54G54, WHR2-G54, WHR2-G54V, (for the rest, see the original article)
These vulnerabilities are fixed by updating the firmware. For the affected products, see the original article.
Jun Shimada, April 28, 2021, 16:28
IPA has announced that multiple Buffalo Wi-Fi routers contain vulnerabilities that allow leakage of configuration information, acquisition of root privileges due to inadequate access restrictions, and a third party to remotely enable a debug function.
ãµããŒããçµäºããŠããã®ã§ä¿®æ£ã¢ããããŒããåããããªãã¢ãã«ããã°ãã§ããããšããã話ã
> >contains a vulnerability that lets a third party remotely enable the device's telnet service and execute arbitrary OS commands with root privileges
"'CVE-2021-3512' is an inadequate access restriction on the telnet service, containing a vulnerability that lets a third party remotely enable the device's telnet service and execute arbitrary OS commands with root privileges"
The AP at my place is exactly this. I need to deal with it.
> acquisition of root privileges due to inadequate access restrictions, and a vulnerability that lets a third party remotely enable a debug function
I wonder whether firmware for devices like this simply has to update automatically, given the scale of the damage and how hard remediation is.
BUFFALOãIO-DADAã¯ããããªã®ã°ããã ããããç±æŽèµ°ã§ããããã€ã¡ãŒãžãããªã
It seems some models are fine after a firmware update, while others are out of support and replacement is recommended.
䜿ã£ãŠãããŒãð
ã»ãã¥ãªãã£ããããªãæäŸãããè¯ãã®ã«âŠãŠãŸãã7æ代ã ãã10幎è¶ãã ããããŒãªããªã
I had a BHR-4GRV I wasn't using, so I powered it on intending to update it, and found it was already running OpenWRT lol
ããã£ãšèª¿ã¹ãŠã¿ãæããå²ãšå€ãæ©çš®ã察å¿ããšãã¿ããã ã®ããçŽããããã®éããããã ãããããã®åã®NECãšåçŽã«æ¯ã¹ãããããã§ããªããã©ã
ã
ã
"Support for the affected products has already ended, so no fix update will be provided. As a permanent measure, Buffalo recommends stopping use of the affected products and migrating to replacement products."
ãããã¡ããŒã®ã«ãŒã¿ã䜿ã£ãŠããã®ã¯ïŒïŒå¹Žè¶
ãã®ã§ãããç¡äºF/Wã¢ããããŒãã§ããŸããã
Thanks to the manufacturer for the long-term support.
WXRã¯ã©ã€ã³ãããå
¥ã£ãŠããŠãªãã£ããã©ãéã管çãäžä»£ãéããããªãã
There are probably a lot of Buffalo 300-series units still in service...
çŽæ¥çã«ã¯é¢ä¿ãªããã©ãäžå¿åçªãã§ãã¯ã¯ããšããªããšãªãæ²ãããªãã«ãç¡ç·ç°å¢æŽåããŠããã ãã
Updates matter.
>> Support for the affected products has already ended, so no fix update will be provided
>> As a permanent measure, stopping use of the affected products and migrating to replacement products is recommended
This one is seriously bad, isn't it.
æã®ã¢ãã«
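Old models are out of support so the advice is to replace them, but Buffalo units can run OpenWRT and the like, so you may be able to get by with reflashing the firmware. (If you can't install the latest release, then replace it after all.)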
ããã©ã¯ãããã¡ããŒ( ËÏË)å€ãæ©çš®ãªã®ã§è²·ãæ¿ãããã§ããªããã€
So the message is to replace old routers without delay.
ãããã¡ããŒãã²ã§ããªã
Wi-Fiã«ãŒã¿ãŒã«è匱æ§èŠã€ãã£ãŠãã£ã¡ã家ã®ã€ã該åœãããã ãããµããŒãçµäºããŠãããè²·ãæããã£ãŠïŒïŒ
ãããããã¡ããŒè²·ããïŒïŒ
Basically these are 11n-generation; it looks like no recent models are included?
The WHR-G301N is still supported. That's a 12-year-old model…
Buffalo ããããã
ãµããŒãçµäºããå€ã
ã¢ããã¿ãŒããµããµãšå£ããã®ã§æ©ã
ã«åŠåããŸããã
ãããã£ããŒè£œã«ãŒã¿ãŒãã»ãã¥ãªãã£ä»¥åã«æ§èœãè匱ããã?
ã«ãŒã¿ãŒãããã£ããŒã«ããŠããã¹ãã¬ã¹ãããªãâŠ
ãããªãã®ã€ãã£ãŠãã
If you are using an old Buffalo WiFi router, read this
Will look at this later
ãç·æ¥ãå€ã
About the only Buffalo product I use is a USB memory stick, I think?
ãã€ãžã§ãã家ã®ã¯åé¡ãªãã£ãã
We replace ours within about 3 years, so I guess we're safe.
Maybe I'll replace mine at the end of the year.
å
¬è¡tootç°å¢
A considerable number of units should still be in service. Take this opportunity to review yours!
è©«ã³ç³ãããã
確èªãã
Firmwareã®æŽæ°ã§æ²»ãã®äœ¿çšäžæ¢ãšä»£æ¿è£œåãžã®ç§»è¡ãæšå¥šãã補åã§å¥ãããâŠNetworkæ©åšãè²·ãæäœå¹Žäœæè¿ãµããŒããããã®ãæ瀺ããŠæ¬²ãã£ãŠãã調ã¹ããå€ãã®ã§2004幎çºå£²ã®æ©åšã ã£ãããŸã 䜿ã£ãŠã人ããã®ããª
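Hmm. Support for the affected products has already ended, so no fix update will be provided. As a permanent measure, Buffalo recommends stopping use of the affected products and migrating to replacement products.
Probably not many people still use 11b/g devices, but these are models from about 15 years ago and will not be fixed, so replace them.
Please check! →
If you are using an affected Buffalo router, it looks like you should consider replacing it.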
ãããã¡ããŒããããããã®å€ãããµãšãã©ããããªãNASãã«ãŒã¿ãŒããäžè©±ã«ãªã£ããã©ãèããç®ç«ã€ã
Anyone using a Buffalo router should be sure to read this.
> Support for the affected products has already ended, so no fix update will be provided
This is just my personal opinion, but Buffalo products are hard to recommend.
Came across this article by chance
Ours was on the affected list.
ã¯ãã
Got caught by this one~
ãŠã«ãã©èŠãããšããã«ãŒã¿ãŒãã£ãŠããã ã
Most are models that support Wi-Fi 4 or earlier. What differs from the Elecom case is that patches are being provided even for fairly old models. Models that are simply too old are recommended for discontinuation, though.
ããããã
ããããããã§ãã£ãŠã
If you use one, please update the firmware.
The manufacturer says to replace it.
For the new one, choose a product that supports "IPv4 over IPv6"
→
ã«ãŒã¿ãŒã«é¢ããŠã¯æãããã¡ããŒäœ¿ã£ãŠãŠäžå®å®ã§NECã«å€ãããåã®ããã«å®å®ããã®ã§ãã以éNECä¿¡è
ã§ã(^^;
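Support for the affected products has already ended, so no fix update will be provided
A few years ago I would have played with one as a simple server, but these days a general-purpose Raspberry Pi is cheap to get, so I can't work up that kind of motivation.
It'll get switched to DD-WRT remotely~~~
I looked at the model numbers and thought, how many years old are these? But a Wi-Fi router is a product you get no motivation at all to replace.
Support for the affected products has already ended, so no fix update will be provided > that's pretty awful
Keitai Watch
The BHR-4RV and the like are more than 10 years old, but being told to replace them: isn't this a large-scale recall case? They should just handle it with a FW update.
Hmm, this is a router I used quite a while ago… It had so many problems that I switched to an Elecom one, and that was the right call.
There are many other affected models too, so you should be careful.
Replace it promptly, then overwrite it with open-wrt or dd-wrt and have some fun with it.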