Vulnerability summary (followers: 24)

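Bug ID: wooyun-2013-033841

Title: Weak passwords on citywide road surveillance cameras in a certain city

Affected vendor: www.fjptjt.gov.cn

Reporter: Lmz

Submitted: 2013-08-08 18:20

Fixed: 2013-09-22 18:20

Disclosed: 2013-09-22 18:20

Vulnerability type: Weak service password

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]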


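Vulnerability details

Disclosure status:

2013-08-08: Details sent to the vendor; awaiting vendor handling
2013-08-12: Vendor confirmed; details visible to the vendor only
2013-08-22: Details opened to core white hats and domain experts
2013-09-01: Details opened to regular white hats
2013-09-11: Details opened to trainee white hats
2013-09-22: Details opened to the public

Brief description:

Criminals could use this to monitor the entire city. Asking for an invitation code, and please no cross-province pursuit!!

Detailed description:

Weak passwords on road surveillance cameras across all of Putian City
User:Admin Pass:12345
IP list: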

Proof of vulnerability:

User:Admin Pass:12345
IP list:

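Remediation:

Strengthen the passwords; if the devices can be kept on an internal network, that is best

Copyright notice: when reposting, please credit the source Lmz@WooYun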


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 16

Confirmed: 2013-08-12 22:00

Vendor reply:

Latest status:

None


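Vulnerability feedback:

Comments

  1. 2013-08-08 19:03 | hacker@sina.cn ( Regular white hat | Rank:288 Vulnerabilities:27 | ANONYMOUS)

    ...

  2. 2013-08-08 21:57 | 一只猿 ( Regular white hat | Rank:463 Vulnerabilities:89 | Research focus: hardware and wireless communications)

    Whoa, the vendor isn't even masked... I could see it directly @xsser

  3. 2013-08-09 00:38 | 小痞子 ( Regular white hat | Rank:106 Vulnerabilities:21 | <xss>alert("a")</xss>¥&@&……dssKhwjcw...)

    Swagger overflowing

  4. 2013-08-09 07:22 | 橙夏 ( Trainee white hat | Rank:35 Vulnerabilities:4 | meow meow meow... )

    mark

  5. 2013-08-12 23:22 | 78基佬 ( Trainee white hat | Rank:84 Vulnerabilities:20 | A designer who can't hack sites is not a good product manager)

    This .-' _..`. / .'_.'.' | .' (.)`. ;' ,_ `. .--.__________.' ; `.;-' | ./ / | | / `..'`-._ _____, ..' / | | | |\ \ / /| | | | \ \ / / | | | | \ \ /_/ |_| |_| \_\ |__\ |__\ |__\ |__\ the way it got typed..

  6. 2013-08-12 23:24 | 78基佬 ( Trainee white hat | Rank:84 Vulnerabilities:20 | A designer who can't hack sites is not a good product manager)

    This .-' _..`.<br> / .'_.'.'<br> | .' (.)`.<br> ;' ,_ `.<br> .--.__________.' ; `.;-'<br> | ./ /<br> | | / <br> `..'`-._ _____, ..'<br> / | | | |\ \<br> / /| | | | \ \<br> / / | | | | \ \<br> /_/ |_| |_| \_\<br> |__\ |__\ |__\ |__\<br>Does this work?

  7. 2013-08-12 23:24 | 78基佬 ( Trainee white hat | Rank:84 Vulnerabilities:20 | A designer who can't hack sites is not a good product manager)

    Damn..

  8. 2013-08-12 23:39 | 一只猿 ( Regular white hat | Rank:463 Vulnerabilities:89 | Research focus: hardware and wireless communications)

    Looks like I should submit the bug I've been hoarding for a long time too

  9. 2013-09-16 20:11 | Anymous ( Regular white hat | Rank:124 Vulnerabilities:28 )

    How did you find it? @Lmz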