漏洞概要

缺陷编号:
CVE-2016-10372

漏洞标题:
CVE-2016-10372

提交时间:
05/16/2017

危害等级:

相关厂商:

漏洞分类:
漏洞公布

关注度:
共 104 人关注

漏洞详情

Description

The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the Wi-Fi password), and using the NewNTPServer feature.

Source: 
MITRE
    
Last Modified: 
05/16/2017

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because
they may have information that would be of interest to you. No inferences should be drawn on account of other sites
being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose.
NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further,
NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about
this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
https://devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/ External Source MISC https://devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/
https://isc.sans.edu/forums/diary/TR069+NewNTPServer+Exploits+What+we+know+so+far/21763/ External Source MISC https://isc.sans.edu/forums/diary/TR069+NewNTPServer+Exploits+What+we+know+so+far/21763/

发表评论

电子邮件地址不会被公开。 必填项已用*标注