{"id":14336,"date":"2022-04-21T20:00:03","date_gmt":"2022-04-21T17:00:03","guid":{"rendered":"https:\/\/kutaybilen.com.tr\/?p=14336"},"modified":"2022-04-21T20:00:03","modified_gmt":"2022-04-21T17:00:03","slug":"tp-link-routerlarda-kritik-bir-guvenlik-acigi-kesfedildi","status":"publish","type":"post","link":"https:\/\/kutaybilen.com.tr\/?p=14336","title":{"rendered":"Critical Security Vulnerability Discovered in TP-Link Routers"},"content":{"rendered":"<p>A critical security vulnerability has been discovered in <strong>TP-Link<\/strong>&#39;s Archer routers that lets attackers void the administrator password and take remote control of the devices over the LAN via a Telnet connection. After the flaw, tracked as CVE-2019-7405, came to light, the company released a security patch against potential attacks.<\/p>\n<p>Grzegorz Wypych, a security consultant at IBM X-Force Red, said, <em>&#8220;If this router vulnerability is exploited, it can allow attackers to control the router&#39;s configuration via Telnet on the local area network (LAN) and to connect to a File Transfer Protocol (FTP) server over the LAN or wide area network (WAN).&#8221;<\/em><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/35\/ce577b2901a6a97587ddf52919064508db6dd838.jpeg\"\/><\/p>\n<p>Attackers trying to exploit the vulnerability send an 
<strong>HTTP request<\/strong> containing a character string longer than the allowed number of bytes. As a result, the user password is completely voided and replaced with an empty value. This method works despite the validation on the device, because the validation only checks the referrer HTTP header, and the attacker can trick the router&#39;s httpd service by using the hard-coded tplinkwifi.net value.<\/p>\n<p>Because the only user type on the affected routers is the <strong>administrator<\/strong>, which holds all permissions on the device, attackers who bypass authentication automatically gain administrator privileges. Worse still, even if the router owner has set a new password on the device, attackers can void the password again by sending a LAN \/ WAN \/ CGI request to the FTP server&#39;s built-in USB connections.<\/p>\n<p>TP-Link has made security patches available to its users for the <strong>Archer C5 V4<\/strong>, <strong>Archer MR200v4<\/strong>, <strong>Archer MR6400v4<\/strong> and <strong>Archer MR400v3<\/strong> devices.<\/p>\n<div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>In TP-Link&#39;s Archer routers, attackers can void the administrator password and, with a Telnet connection over the LAN, 
&#8230;<\/p>\n","protected":false},"author":1,"featured_media":14337,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[851],"tags":[1125,2736,2941],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/14336"}],"collection":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14336"}],"version-history":[{"count":1,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/14336\/revisions"}],"predecessor-version":[{"id":14338,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/14336\/revisions\/14338"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/media\/14337"}],"wp:attachment":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14336"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14336"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14336"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}