System the vulnerability was tested on:
360V6 IPQ6018/AP-CP03-C1
OpenWrt R22.3.18 / LuCI Master (git-22.077.27812-84c894f)
Version: v2.7 (latest)

How the vulnerability is triggered:
By visiting http://[router IP]:8118

Effect (screenshot):
Original:

Why the vulnerability occurs:
Because adbyby listens on port 8118 on 0.0.0.0 by default, an attacker can reach port 8118 from outside the router, or can lure a user on the internal network into visiting it via XSS/CSRF. A logic error in the program then causes a self-loop that spawns a large number of connections and drives CPU usage very high.

Temporary mitigation suggestions:
1. Use iptables or the firewall to block access to port 8118 from outside:

iptables -A INPUT -p tcp --dport 8118 -i <eth0, or each of your physical interfaces> -j REJECT

2. Disable adbyby
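An added example that is not part of the issue and not adbyby's own code: a small POSIX shell helper for the first mitigation above. It assumes an OpenWrt/BusyBox router with `netstat` and the standard `uci` firewall configuration, with the WAN zone named `wan` (the OpenWrt default); the listener lines in `SAMPLE` are constructed, not captured from a real device. It checks whether a TCP listener on port 8118 is bound to the wildcard address, which is what makes it reachable from the WAN side, and prints the UCI commands equivalent to the iptables rule above. The durable fix is for the service to bind to the LAN address or 127.0.0.1 instead of 0.0.0.0, after which the check reports no wildcard listener.

```shell
#!/bin/sh
# Added example (not code from the issue or from adbyby). Assumes an OpenWrt
# BusyBox shell with `netstat` and `uci`; SAMPLE below is constructed data.

PORT="${PORT:-8118}"

# Constructed `netstat -ltn` output standing in for a router where adbyby is
# bound to 0.0.0.0:8118 (reachable on every interface, including the WAN).
SAMPLE='tcp        0      0 0.0.0.0:8118            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN'

# Read `netstat -ltn` lines on stdin; exit 0 if a TCP listener on port $1 is
# bound to the wildcard address (0.0.0.0 or :::), i.e. exposed on all interfaces.
wildcard_listener() {
    awk -v p="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            if ($4 == "0.0.0.0:" p || $4 == ":::" p) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# Print (do not run) the UCI commands for a firewall rule that rejects TCP to
# port $1 arriving from the WAN zone; `wan` is the default zone name on OpenWrt.
uci_reject_rule() {
    cat <<EOF
uci add firewall rule
uci set firewall.@rule[-1].name='Block-WAN-to-$1'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].proto='tcp'
uci set firewall.@rule[-1].dest_port='$1'
uci set firewall.@rule[-1].target='REJECT'
uci commit firewall
/etc/init.d/firewall restart
EOF
}

# On a router use the live netstat output; elsewhere fall back to the sample.
if command -v netstat >/dev/null 2>&1; then
    listeners=$(netstat -ltn 2>/dev/null)
else
    listeners=$SAMPLE
fi

if printf '%s\n' "$listeners" | wildcard_listener "$PORT"; then
    echo "port $PORT is bound to all interfaces; firewall rule to apply:"
    uci_reject_rule "$PORT"
else
    echo "no wildcard listener on port $PORT"
fi
```

Run it on the router as-is to see whether port 8118 is exposed and to get the rule; the printed UCI commands are kept separate from the check so they can be reviewed (and the zone name adjusted) before being pasted in. Unlike the raw iptables rule, a UCI rule survives firewall restarts and reboots.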