本报告由CNCERT物联网安全研究团队与360网络安全研究院共同发布
一、背景介绍
二、漏洞分析
1、信息泄露漏洞
2、命令注入漏洞
三、受影响设备固件列表
DCS-2530L_A1_FW_V1.03.01DCS-2530L_A1_FW_V1.04.01DCS-2530L_Ax_FW_V1.04.01DCS-2530L_REVA_FIRMWARE_1.03.01DCS-2530L_REVA_FIRMWARE_v1.03.01DCS-2530L_REVA_FIRMWARE_v1.04.01DCS-2530L_REVA_FIRMWARE_v1.05.05DCS-2530L_fw_revA1_1-03-01_eu_multi_20171108DCS-2530L_fw_revAx_1-04-01_eu_multi_20180601DCS-2670L_A1_FW_V2.01.031030103739DCS-2670L_FIRMWARE_2.01.10DCS-2670L_FW_v1.10.02DCS-2670L_fw_revA1_1-10-02_eu_multi_20171108DCS-2670L_fw_revA1_2-01-03_eu_multiDCS-2670L_fw_revB1_2-01_eu_multi_20190710DCS-4603_A1_FW_V1.03.04DCS-4603_FW_V1.02.02DCS-4603_REVA_FIRMWARE_1.02DCS-4603_REVA_FIRMWARE_v1.02.02DCS-4603_REVA_FIRMWARE_v1.03.04DCS-4603_fw_revA1_1-02-02_eu_multi_20171103DCS-4603_fw_revA1_1-03-04_eu_multi_20190422DCS-4622_B1_FW_V2.00.04DCS-4622_REVB_FIRMWARE_v2.00.04DCS-4622_fw_revB1_2-00-04_eu_multi_20181109DCS-4701E_B1_FW_V2.00.21_DCS-4701E_VB1_FIRMWARE_v2.00.21DCS-4703E_FW_V1.01.00DCS-4703E_FW_V1.02.03DCS-4703E_REVA_FIRMWARE_1.01DCS-4703E_REVA_FIRMWARE_v1.01DCS-4703E_REVA_FIRMWARE_v1.02.03DCS-4703E_fw_revA1_1-01_eu_multi_20170929DCS-4703E_fw_revA1_1-02-03_eu_multi_20190426DCS-4705E_A1_FW_v1.00.12DCS-4705E_A1_FW_v1.01.00DCS-4705E_REVA_FIRMWARE_v1.00.12DCS-4705E_REVA_FIRMWARE_v1.01.00DCS-4705E_fw_revA1_1-00-12_eu_multi_20181205DCS-4705E_fw_revA1_1-01-00_eu_multi_20190905DCS-4802E_B1_FW_V2.00.09DCS-4802E_REVB_FIRMWARE_v2.00.09DCS-4802E_fw_revB1_2-00-09_eu_multi_20190422DCS-P703_A1_FW_V1.01.00
四、处置建议
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论