漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2013-034368
漏洞标题:某县路面监控系统弱口令可任意查看监控画面(大量)
相关厂商:闽侯县政府门户网站
漏洞作者: Lmz
提交时间:2013-08-16 16:51
修复时间:2013-09-30 16:51
公开时间:2013-09-30 16:51
漏洞类型:服务弱口令
危害等级:中
自评Rank:15
漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2013-08-16: 细节已通知厂商并且等待厂商处理中
2013-08-20: 厂商已经确认,细节仅向厂商公开
2013-08-30: 细节向核心白帽子及相关领域专家公开
2013-09-09: 细节向普通白帽子公开
2013-09-19: 细节向实习白帽子公开
2013-09-30: 细节向公众公开
简要描述:
闽侯县路面监控系统弱口令.你懂得~
详细说明:
61.131.20.193 | 61.131.20.194 | 61.131.20.195 | 61.131.20.196
61.131.20.200 | 61.131.20.199 | 61.131.20.213 | 61.131.20.217
61.131.20.198 | 61.131.20.204 | 61.131.20.206 | 61.131.20.211
61.131.20.207 | 61.131.20.209 | 61.131.20.214 | 61.131.20.216
61.131.20.222 | 61.131.20.225 | 61.131.20.228 | 61.131.20.226
61.131.20.234 | 61.131.20.210 | 61.131.20.212 | 61.131.20.215
61.131.20.224 | 61.131.20.18 | 61.131.20.220 | 61.131.20.221
61.131.20.219 | 61.131.20.253 | 61.131.20.252 | 61.131.23.2
61.131.23.4 | 61.131.23.3 | 61.131.23.1 | 61.131.23.6
61.131.23.8 | 61.131.23.10 | 61.131.23.9 | 61.131.23.15
61.131.23.5 | 61.131.23.7 | 61.131.23.13 | 61.131.23.12
61.131.23.14 | 61.131.23.17 | 61.131.23.21 | 61.131.23.16
61.131.23.18 | 61.131.23.19 | 61.131.23.20 | 61.131.23.22
61.131.23.24 | 61.131.23.25 | 61.131.23.26 | 61.131.23.28
61.131.23.29 | 61.131.23.30 | 61.131.23.40 | 61.131.23.45
61.131.23.32 | 61.131.23.33 | 61.131.23.34 | 61.131.23.41
61.131.23.31 | 61.131.23.35 | 61.131.23.60 |
user:admin pass:12345
漏洞证明:
61.131.20.193 | 61.131.20.194 | 61.131.20.195 | 61.131.20.196
61.131.20.200 | 61.131.20.199 | 61.131.20.213 | 61.131.20.217
61.131.20.198 | 61.131.20.204 | 61.131.20.206 | 61.131.20.211
61.131.20.207 | 61.131.20.209 | 61.131.20.214 | 61.131.20.216
61.131.20.222 | 61.131.20.225 | 61.131.20.228 | 61.131.20.226
61.131.20.234 | 61.131.20.210 | 61.131.20.212 | 61.131.20.215
61.131.20.224 | 61.131.20.18 | 61.131.20.220 | 61.131.20.221
61.131.20.219 | 61.131.20.253 | 61.131.20.252 | 61.131.23.2
61.131.23.4 | 61.131.23.3 | 61.131.23.1 | 61.131.23.6
61.131.23.8 | 61.131.23.10 | 61.131.23.9 | 61.131.23.15
61.131.23.5 | 61.131.23.7 | 61.131.23.13 | 61.131.23.12
61.131.23.14 | 61.131.23.17 | 61.131.23.21 | 61.131.23.16
61.131.23.18 | 61.131.23.19 | 61.131.23.20 | 61.131.23.22
61.131.23.24 | 61.131.23.25 | 61.131.23.26 | 61.131.23.28
61.131.23.29 | 61.131.23.30 | 61.131.23.40 | 61.131.23.45
61.131.23.32 | 61.131.23.33 | 61.131.23.34 | 61.131.23.41
61.131.23.31 | 61.131.23.35 | 61.131.23.60 |
user:admin pass:12345
修复方案:
加强口令
版权声明:转载请注明来源 Lmz@乌云
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:15
确认时间:2013-08-20 22:50
厂商回复:
CNVD确认并复现所述情况,已经转由CNCERT下发福建分中心,根据福建分中心反馈情况,相关系统属中国电信管理,为电信全球眼项目组成部分。已经协调当地基础电信企业处置,做好访问控制,并提高口令强度。
最新状态:
暂无