myhack58 | Anonymous | MYHACK58:62201561178
Apr 14, 2015 - 12:00 a.m.

Event tracking: ZTE SOHO router backdoor has been cleared


EPSS: 0.952 (percentile 99.4%)

In March 2014, Black Bar Safety Net reported that SOHO router models produced by ZTE had been found to contain a backdoor. ZTE's product incident response team responded that same month and published a vulnerability announcement on the ZTE website in June; on February 9 of this year, the report was updated again. ZTE is currently working with operators to upgrade all devices in the network.
Event review
ZTE F460/F660 cable modem products contain an unauthenticated backdoor: the web_shell_cmd.gch script accepts unauthenticated commands and can be reached from the WAN interface, so an attacker can use this backdoor to execute arbitrary administrator commands. On some ZTE SOHO router models, the file /web_shell_cmd.gch is present under the web root directory /home/httpd without any access control, and it can directly execute arbitrary system commands.
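For defenders who keep HTTP access logs from a gateway or proxy in front of these devices, the sketch below flags requests for the script named above and records whether they arrived from outside the LAN. It is an added example, not part of the original article or ZTE's advisory; the Common Log Format input, the 192.168.1.0/24 LAN range, the function name and the sample lines are all assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote

BACKDOOR_PATH = "/web_shell_cmd.gch"  # script named in the advisory
# Common Log Format: client ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def find_backdoor_requests(lines, lan_cidrs=("192.168.1.0/24",)):
    """Return one record per request for the backdoor script.

    lan_cidrs is an assumption: the subnets on the LAN side of the device.
    Any client outside them is treated as arriving on the WAN interface.
    """
    lan = [ipaddress.ip_network(c) for c in lan_cidrs]
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, when, method, target, status = m.groups()
        # Normalise before comparing: drop query, decode %xx, fold case and //
        path = unquote(target.split("?", 1)[0]).lower()
        path = re.sub(r"/{2,}", "/", path)
        if not path.endswith(BACKDOOR_PATH):
            continue
        try:
            addr = ipaddress.ip_address(client)
            from_wan = not any(addr in net for net in lan)
        except ValueError:
            from_wan = None  # client field is a hostname, origin unknown
        hits.append({"client": client, "time": when, "method": method,
                     "from_wan": from_wan,
                     # 200 means the device still serves the script
                     "served": status == "200"})
    return hits

# Constructed sample lines (documentation-range addresses), not real traffic
SAMPLE_LOG = [
    '192.168.1.10 - - [14/Apr/2015:10:00:01 +0800] "GET / HTTP/1.1" 200 5120',
    '203.0.113.7 - - [14/Apr/2015:10:02:13 +0800] "GET /web_shell_cmd.gch HTTP/1.1" 200 1843',
    '198.51.100.23 - - [14/Apr/2015:10:05:40 +0800] "POST /Web_Shell_Cmd.GCH?a=1 HTTP/1.1" 404 0',
    '192.168.1.10 - - [14/Apr/2015:10:06:02 +0800] "GET /web_shell_cmd.gch HTTP/1.1" 200 1843',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for hit in find_backdoor_requests(SAMPLE_LOG):
        print(hit)
```

A record with from_wan and served both true is the case the advisory describes: the script answered a request that came from the WAN side, so that device should be prioritized for the operator's upgrade.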
Vulnerability analysis
This backdoor was added for the convenience of equipment maintenance. Once the equipment is running in the field, it brings security risks. The F460 and F660 have both been in use in the network since November 11, 2011, and the backdoor was closed in versions after 20120731. Among the versions currently running in the network, versions below 20120731 are at risk: F460 V2.30; F660 V2.30.
Solutions
ZTE's product incident response team responded to the vulnerability in March 2014, notified the relevant customers to repair and upgrade, and has worked jointly with operators to upgrade the products; a vulnerability announcement was published on the ZTE website in June. For versions in the existing network that are at risk, ZTE has provided a patched version, published it on its internal technical support site, and notified after-sales. In the field, remote upgrades are carried out over the network according to the operator's arrangements to improve security.
On February 9 of this year, ZTE updated the report again, adding a description of other affected router models. The router models affected by this vulnerability further include:
ZXHN F660, ZXHN F620, ZXHN F612, ZXHN F420, ZXHN F412, ZXHN F460
ZTE informed FreeBuf that it is currently upgrading the devices in the network jointly with operators. Because home routers are widely distributed, upgrades for individual users' devices in the network may still be delayed; ZTE will continue to track this and urge the operators' local offices and users to inspect and upgrade. If any device was missed in the upgrade process, please contact the appropriate operator to obtain the version upgrade service.
Reference links
US-CERT: http://www.kb.cert.org/vuls/id/600724
NVD: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2321
CNVD: http://www.cnvd.org.cn/flaw/show/CNVD-2014-01538
ZTE F460/F660 unauthorized Backdoor vulnerability notice: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1005684