{"id":5118,"date":"2023-07-23T13:54:17","date_gmt":"2023-07-23T11:54:17","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=5118"},"modified":"2023-07-23T13:54:17","modified_gmt":"2023-07-23T11:54:17","slug":"cvrsto-kodirani-nalozi-omogucavaju-potpuno-preuzimanje-technicolor-rutera","status":"publish","type":"post","link":"http:\/\/sajberinfo.com\/en\/2023\/07\/23\/cvrsto-kodirani-nalozi-omogucavaju-potpuno-preuzimanje-technicolor-rutera\/","title":{"rendered":"Hard-coded accounts allow full takeover of Technicolor routers"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">Multiple hard-coded <a href=\"https:\/\/kb.cert.org\/vuls\/id\/913565\" target=\"_blank\" rel=\"noopener\">accounts found on the<\/a> <em>Technicolor TG670 DSL<\/em> network router allow attackers to take over the devices completely. The device ships with hard-coded service accounts that allow authentication over the <em>WAN<\/em> interface using the <em>HTTP<\/em>, <em>SSH<\/em> or <em>TELNET<\/em> services.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-5120\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/07\/Technicolor.jpg\" alt=\"Technicolor router\" width=\"1024\" height=\"683\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/07\/Technicolor.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/07\/Technicolor-300x200.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/07\/Technicolor-768x512.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/07\/Technicolor-18x12.jpg 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p class=\"attribution\"><span style=\"font-size: 11pt;\"><em>&#8220;<a href=\"https:\/\/www.flickr.com\/photos\/73422480@N00\/7242873742\" target=\"_blank\" rel=\"noopener\">IMG_1640<\/a>&#8221; by <a 
href=\"https:\/\/www.flickr.com\/photos\/73422480@N00\" target=\"_blank\" rel=\"noopener noreferrer\">tompagenet<\/a> is licensed under <a href=\"https:\/\/creativecommons.org\/licenses\/by-sa\/2.0\/?ref=openverse\" target=\"_blank\" rel=\"noopener noreferrer\">CC BY-SA 2.0 <img decoding=\"async\" style=\"height: 1em; margin-right: 0.125em; display: inline;\" src=\"https:\/\/mirrors.creativecommons.org\/presskit\/icons\/cc.svg\" alt=\"\"><img decoding=\"async\" style=\"height: 1em; margin-right: 0.125em; display: inline;\" src=\"https:\/\/mirrors.creativecommons.org\/presskit\/icons\/by.svg\" alt=\"\"><img decoding=\"async\" style=\"height: 1em; margin-right: 0.125em; display: inline;\" src=\"https:\/\/mirrors.creativecommons.org\/presskit\/icons\/sa.svg\" alt=\"\"><\/a>.<\/em><\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><strong>Hard-coded accounts<\/strong><\/span><\/p>\n<p><span style=\"font-size: 14pt;\">A hard-coded <a href=\"https:\/\/sajberinfo.com\/en\/2019\/02\/24\/lozinka-password-sifra\/\" target=\"_blank\" rel=\"nofollow noopener\">password<\/a> is an unchangeable password stored inside a device or application. Such a password carries significant risk because <a href=\"https:\/\/sajberinfo.com\/en\/2021\/09\/26\/malware\/\" target=\"_blank\" rel=\"nofollow noopener\">malware<\/a> or <a href=\"https:\/\/sajberinfo.com\/en\/2022\/03\/19\/hakeri-crni-sesiri-epizoda-3\/\" target=\"_blank\" rel=\"nofollow noopener\">attackers<\/a> can use it to gain unauthorized access to devices and systems and carry out malicious activity. 
In some cases a hard-coded account holds administrative privileges, granting full control over the device through an account that cannot be changed or deactivated.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">It was recently discovered that the <em>Technicolor TG670 DSL<\/em> network router with firmware version <em>10.5.N.9<\/em> contains more than one hard-coded service account. These accounts grant full administrative access to the device over the <em>WAN<\/em> interface. If remote administration is enabled, the device can be reached remotely from an external network interface such as the Internet. The account appears to have full administrative access to change device settings. In addition, the account appears to be undocumented and cannot be disabled or removed from the device.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><strong>Problem for users<\/strong><\/span><\/p>\n<p><span style=\"font-size: 14pt;\">A malicious attacker can remotely use the default username and password to log in to the router as an administrator. This lets the attacker change any administrative setting of the router and use it in unexpected ways. It requires remote administration to be enabled on the router, which is the factory default setting.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><strong>Protection<\/strong><\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Users are advised to check with their Internet service provider whether updates and fixes are available that address the hard-coded accounts stored on the devices. 
As a preventive measure, users are advised to disable remote administration of the device whenever it is not needed, to reduce the risk of these accounts being abused.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>Multiple hard-coded accounts found on the Technicolor TG670 DSL network router allow attackers to take over the devices completely. The device ships with hard-coded service accounts that allow authentication over the WAN interface using HTTP,&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":5120,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[474,161,475],"class_list":["post-5118","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-hardcoded","tag-router","tag-technicolor"],"_links":{"self":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5118","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=5118"}],"version-history":[{"count":0,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/5118\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/5120"}],"wp:attachment":[{"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=5118"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=5118"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/ta
gs?post=5118"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}