{"id":2879,"date":"2024-10-05T04:12:33","date_gmt":"2024-10-05T04:12:33","guid":{"rendered":"https:\/\/tastycounter.net\/index.php\/2024\/10\/05\/loat-mau-router-draytek-dinh-lo-hong-bao-mat\/"},"modified":"2024-10-05T04:12:33","modified_gmt":"2024-10-05T04:12:33","slug":"loat-mau-router-draytek-dinh-lo-hong-bao-mat","status":"publish","type":"post","link":"https:\/\/tastycounter.net\/index.php\/2024\/10\/05\/loat-mau-router-draytek-dinh-lo-hong-bao-mat\/","title":{"rendered":"A series of DrayTek router models hit by security vulnerabilities"},"content":{"rendered":"<div class=\"content-detail textview\">\n<p>Cybersecurity researchers at Forescout Technologies have discovered 14 security vulnerabilities in router models made by DrayTek that could allow attackers to take control of a router and use the device to break into enterprise networks.<\/p>\n<p style=\"text-align:center\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/st.quantrimang.com\/photos\/image\/holder.png\" alt width=\"700\" height=\"366\" class=\"lazy\" data-src=\"https:\/\/st.quantrimang.com\/photos\/image\/2022\/08\/05\/lo-hong-rce-nghiem-trong-anh-huong-toi-29-mau-router-cua-draytek-700.jpg\"><\/p>\n<p>Forescout found that more than 704,000 DrayTek routers have their web user interface exposed on the Internet.
Most of the affected instances are in the United States, Vietnam, the Netherlands, Australia&#8230;<\/p>\n<h2>List of security vulnerabilities in DrayTek routers<\/h2>\n<p>Of the 14 new security flaws, two are rated critical, 9 are rated high severity and 3 are medium-severity vulnerabilities.<\/p>\n<table class=\"table-striped\" style=\"border-collapse:collapse;width:100%;height:360px\" border=\"1\">\n<tbody>\n<tr style=\"height:72px\">\n<td style=\"width:19.8822%;height:72px\">CVE-2024-41592<\/td>\n<td style=\"width:80.1178%;height:72px\">\n<p>A buffer overflow in the &#8220;GetCGI()&#8221; function of the web user interface that can lead to denial of service (DoS) or remote code execution (RCE) when processing query string parameters.<\/p>\n<\/td>\n<\/tr>\n<tr style=\"height:72px\">\n<td style=\"width:19.8822%;height:72px\">CVE-2024-41585 (CVSS score: 9.1)<\/td>\n<td style=\"width:80.1178%;height:72px\">\n<p>An operating system (OS) command injection in the &#8220;recvCmd&#8221; binary, which is used for communication between the host and guest operating systems.<\/p>\n<\/td>\n<\/tr>\n<tr style=\"height:48px\">\n<td style=\"width:19.8822%;height:48px\">CVE-2024-41589 (CVSS score: 7.5)<\/td>\n<td style=\"width:80.1178%;height:48px\">\n<p>The same administrator credentials are used across the entire system,
leading to full system compromise.<\/p>\n<\/td>\n<\/tr>\n<tr style=\"height:24px\">\n<td style=\"width:19.8822%;height:24px\">CVE-2024-41591 (CVSS score: 7.5)<\/td>\n<td style=\"width:80.1178%;height:24px\">\n<p>A reflected cross-site scripting (XSS) vulnerability in the web user interface<\/p>\n<\/td>\n<\/tr>\n<tr style=\"height:24px\">\n<td style=\"width:19.8822%;height:24px\">CVE-2024-41587 (CVSS score: 4.9)<\/td>\n<td style=\"width:80.1178%;height:24px\">\n<p>A stored XSS vulnerability in the web user interface when configuring a custom message displayed after login<\/p>\n<\/td>\n<\/tr>\n<tr style=\"height:24px\">\n<td style=\"width:19.8822%;height:24px\">CVE-2024-41583 (CVSS score: 4.9)<\/td>\n<td style=\"width:80.1178%;height:24px\">\n<p>A stored XSS vulnerability in the web user interface when configuring a custom router name to be displayed to users<\/p>\n<\/td>\n<\/tr>\n<tr style=\"height:24px\">\n<td style=\"width:19.8822%;height:24px\">CVE-2024-41584 (CVSS score: 4.9)<\/td>\n<td style=\"width:80.1178%;height:24px\">\n<p>A reflected XSS vulnerability in the login page of the web user interface<\/p>\n<\/td>\n<\/tr>\n<tr style=\"height:24px\">\n<td style=\"width:19.8822%;height:24px\">CVE-2024-41588 (CVSS score: 7.2)<\/td>\n<td style=\"width:80.1178%;height:24px\">\n<p>Buffer overflow vulnerabilities in the web user interface CGI pages \/cgi-bin\/v2x00.cgi and \/cgi-bin\/cgiwcg.cgi leading to DoS or RCE<\/p>\n<\/td>\n<\/tr>\n<tr style=\"height:24px\">\n<td 
style=\"width:19.8822%;height:24px\">CVE-2024-41590 (CVSS score: 7.2)<\/td>\n<td style=\"width:80.1178%;height:24px\">\n<p>Buffer overflow vulnerabilities in the CGI pages of the web user interface leading to DoS or RCE<\/p>\n<\/td>\n<\/tr>\n<tr style=\"height:24px\">\n<td style=\"width:19.8822%;height:24px\">CVE-2024-41586 (CVSS score: 7.2)<\/td>\n<td style=\"width:80.1178%;height:24px\">\n<p>A stack buffer overflow vulnerability in the \/cgi-bin\/ipfedr.cgi page of the web user interface leading to DoS or RCE<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width:19.8822%\">CVE-2024-41596 (CVSS score: 7.2)<\/td>\n<td style=\"width:80.1178%\">\n<p>Multiple buffer overflow vulnerabilities in the web user interface leading to DoS or RCE<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width:19.8822%\">CVE-2024-41593 (CVSS score: 7.2)<\/td>\n<td style=\"width:80.1178%\">\n<p>A heap-based buffer overflow vulnerability in the ft_payloads_dns() function of the web user interface leading to DoS<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width:19.8822%\">CVE-2024-41595 (CVSS score: 7.2)<\/td>\n<td style=\"width:80.1178%\">\n<p>An out-of-bounds write vulnerability in the web user interface leading to DoS or RCE<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width:19.8822%\">CVE-2024-41594 (CVSS score: 7.6)<\/td>\n<td style=\"width:80.1178%\">\n<p>An information disclosure vulnerability in the web server backend for the web user interface that could allow an attacker to carry out an
adversary-in-the-middle attack.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>How to fix the security vulnerabilities in DrayTek routers<\/h2>\n<p>After receiving the report, DrayTek released patches for multiple router models to address the 14 vulnerabilities.<\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/st.quantrimang.com\/photos\/image\/holder.png\" alt=\"List of affected router models and the software versions to upgrade to. Photo: Draytek\" width=\"570\" height=\"270\" class=\"lazy\" data-src=\"https:\/\/st.quantrimang.com\/photos\/image\/2024\/10\/04\/router-1.jpg\"><figcaption>List of affected router models and the software versions to upgrade to.
Photo: Draytek<\/figcaption><\/figure>\n<p>In addition to applying the latest software update, users are advised to take the following actions to address the security vulnerabilities in DrayTek routers:<\/p>\n<ul>\n<li>Disable remote access if it is not needed.<\/li>\n<li>Use access control lists.<\/li>\n<li>Use two-factor authentication when remote access is active.<\/li>\n<li>Check the settings for arbitrary changes or added administrator users.<\/li>\n<li>Disable SSL VPN connections over port 443.<\/li>\n<li>Enable syslog logging to monitor for suspicious events.<\/li>\n<li>Enable automatic upgrade to HTTPS pages in the web browser.<\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers at Forescout Technologies have discovered 14 security vulnerabilities in router models made by DrayTek that could allow attackers to take control of a router and use the device to break into enterprise networks.
Forescout found [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2879","post","type-post","status-publish","format-standard","hentry","category-khong-phan-loai"],"_links":{"self":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/posts\/2879","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/comments?post=2879"}],"version-history":[{"count":0,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/posts\/2879\/revisions"}],"wp:attachment":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/media?parent=2879"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/categories?post=2879"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/tags?post=2879"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}