漏洞信息详情
Belkin N300 Dual-Band Wi-Fi Range Extender 权限许可和访问控制漏洞
- CNNVD编号:CNNVD-201507-704
- 危害等级: 高危
- CVE编号: CVE-2015-5536
- 漏洞类型: 权限许可和访问控制
- 发布时间: 2015-07-22
- 威胁类型: 远程
- 更新时间: 2015-08-14
- 厂 商: belkin
- 漏洞来源: Elvis Collado of H...
漏洞简介
Belkin N300 Dual-Band Wi-Fi Range Extender是美国贝尔金(Belkin)公司的一款双频无线扩展路由器产品。
使用1.0.0版本固件的Belkin N300 Dual-Band Wi-Fi Range Extender中存在安全漏洞。远程攻击者可借助多个参数(formUSBStorage请求中的‘sub_dir ’参数,formWpsStart或formiNICWpsStart请求中的‘pinCode’参数,formWlanSetupWPS请求中的‘wps_enrolee_pin’参数,formWlanMP、formBSSetSitesurvey、formHwSet或ormConnectionSetting请求中的参数)利用该漏洞执行任意命令。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
http://www.belkin.com/us/support-article?articleNum=4975
参考网址
来源:www.zerodayinitiative.com
链接:http://www.zerodayinitiative.com/advisories/ZDI-15-347/
来源:www.zerodayinitiative.com
链接:http://www.zerodayinitiative.com/advisories/ZDI-15-350/
来源:www.belkin.com
链接:http://www.belkin.com/us/support-article?articleNum=4975
来源:www.zerodayinitiative.com
链接:http://www.zerodayinitiative.com/advisories/ZDI-15-348/
来源:www.zerodayinitiative.com
链接:http://www.zerodayinitiative.com/advisories/ZDI-15-343/
来源:www.zerodayinitiative.com
链接:http://www.zerodayinitiative.com/advisories/ZDI-15-344/
来源:www.zerodayinitiative.com
链接:http://www.zerodayinitiative.com/advisories/ZDI-15-351/
来源:www.zerodayinitiative.com
链接:http://www.zerodayinitiative.com/advisories/ZDI-15-349/
来源:www.zerodayinitiative.com
链接:http://www.zerodayinitiative.com/advisories/ZDI-15-346/
来源: BID
链接:http://www.securityfocus.com/bid/75978
受影响实体
- Belkin N300_dual-Band_wi-Fi_range_extender_firmware:1.0.0
补丁
- F9K1111_WW_1.04.10_upg
评论