1. 执行摘要

85 / 100

严重

高危

中危

低危/信息

2. 测试范围与方法

项目	详情
固件版本	OpenWrt 14.07
样本文件	`gocloud.img`
MD5	`31ff47e6a5d0d6036f621b50cc65850d`
SHA-256	`a1d3c7c83f74f502b4224a6393d1c3dadc43fcb298941e160a7cd5a44c32be92`
文件大小	11.5MB
扫描时间	2026-04-23
工具	Nyarc v1.1.0

3. 发现总览

#	级别	CVSS	发现
1	CRITICAL	5.3	OpenSSL libcrypto.so.1.0.0 — 已停止维护
2	CRITICAL	7.5	OpenSSL 1.0.0 — 已停止维护
3	CRITICAL	9.1	私钥泄露： /etc/lighttpd/lighttpd.pem
4	CRITICAL	9.1	私钥泄露： /etc/serverkey.pem
5	CRITICAL	7.5	OpenSSL 1.0.0 — 已停止维护

4. 详细发现

1. OpenSSL libcrypto.so.1.0.0 — 已停止维护CRITICAL (CVSS 5.3)

描述

OpenSSL 1.0.x is EOL since 2020, multiple known CVEs including RCE

证据

/usr/lib/libcrypto.so.1.0.0

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

2. OpenSSL 1.0.0 — 已停止维护CRITICAL (CVSS 7.5)

描述

OpenSSL 1.0.x is EOL since 2020, multiple known CVEs including RCE

证据

/usr/lib/libssl.so.1.0.0

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

3. 私钥泄露： /etc/lighttpd/lighttpd.pemCRITICAL (CVSS 9.1)

描述

Private key found in firmware. Anyone with the firmware can impersonate this service.

Private Key: /etc/lighttpd/lighttpd.pem (2048-bit RSA)
Certificate: /etc/lighttpd/lighttpd.pem
主体	C = CN, ST = Shanghai, L = Shanghai, O = GOCLOUD, OU = GOCLOUD, CN = 192.168.1.1
签发者	C = CN, ST = Shanghai, L = Shanghai, O = GOCLOUD, OU = GOCLOUD, CN = 192.168.1.1
生效时间	Nov 20 05:14:16 2017 GMT
过期时间	Nov 20 05:14:16 2018 GMT
序列号	C03C2B45E1BA454A
SHA1 指纹	57:8B:41:96:A1:31:20:AA:17:CB:39:8B:BE:B6:8A:B9:04:FD:EA:A1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

4. 私钥泄露： /etc/serverkey.pemCRITICAL (CVSS 9.1)

描述

Private key found in firmware. Anyone with the firmware can impersonate this service.

Private Key: /etc/serverkey.pem (1024-bit RSA)
Certificate: /etc/serverkey.pem

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

5. OpenSSL 1.0.0 — 已停止维护CRITICAL (CVSS 7.5)

描述

OpenSSL 1.0.x 已于 2020 年停止维护，存在大量已知漏洞（含远程代码执行）

证据

/usr/lib/libssl.so.1.0.0

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5. 外连通信分析

域名	分类	引用
`update.gocloud.cn`	🟡 update	7 files `/etc/product_info` `/usr/lib/lua/luci/controller/admin/system.lua` `/usr/lib/lua/luci/controller/flupgrade_ctrl.lua` `/usr/lib/lua/luci/view/tnmp/wx_mustbefan.htm` `/usr/lib/lua/spyder/flukn.lua` `/usr/sbin/factory_logo` `/usr/sbin/factory_new`
`api.weifenshi.cn`	🟡 api	5 files `/usr/lib/lua/ajax/public.lua` `/usr/lib/lua/luci/view/tnmp/wechat_xifen_scan_auth.htm` `/usr/lib/lua/tnmp/ajax_recv_openid.lua` `/usr/lib/lua/tnmp/core.lua` `/usr/sbin/qbigwifi`
`cloud.tg-net.cn`	🟡 cloud	4 files `/bin/tnmpd` `/usr/lib/lua/luci/controller/ac-tgnet.lua` `/usr/lib/lua/luci/view/ac_tgnet/ac_system_tocloud.htm` `/usr/lib/lua/tnmp/ac.lua`
`api.gocloud.cn`	🟡 api	4 files `/bin/tnmpd` `/www/dist/layouts__BasicLayout.31537c67.async.js` `/www/tnmp/views/index.html` `/www/tnmp/views/mpcode.html`
`auth.max.dev`	🟡 auth	4 files `/www/dist/layouts__BasicLayout.31537c67.async.js` `/www/dist/p__Auth__Account.6674d338.async.js` `/www/dist/p__Auth__Account__EditAccount.d5b413de.async.js` `/www/dist/umi.7f44b085.js`
`daili.tg-net.cn`	🟡 system	3 files `/usr/lib/lua/dplugins/65527-update` `/usr/lib/lua/tnmp/core.lua` `/usr/sbin/realtimed`
`auth.alipay.com`	🟡 auth	2 files `/etc/init.d/ac-tgnet` `/etc/rc.d/S99zzac-tgnet`
`cloud.wanbroad.com`	🟡 cloud	2 files `/bin/tnmpd` `/usr/lib/lua/tnmp/ac.lua`
`auth.nas.id`	🟡 auth	2 files `/www/dist/p__Auth__Radius.c4facda9.async.js` `/www/dist/umi.7f44b085.js`
`webmgmt.global.cloud`	🟡 system	2 files `/usr/lib/lua/spyder/connect.lua` `/usr/sbin/realtimed`
`update.go-cloud.cn`	🟡 update	2 files `/lib/isp_rt_update/isp_rt_update.sh` `/usr/lib/lua/check_factory.lua`
`spyder.gocloud.cn`	🟡 system	`/usr/sbin/spyder`
`speedtest02.js165.com`	🟡 system	`/usr/sbin/speedtest.lua`
`speedtest1.ah163.com`	🟡 system	`/usr/sbin/speedtest.lua`
`speedtest.zjmobile.com`	🟡 system	`/usr/sbin/speedtest.lua`
`lists.sf.net`	🟡 system	`/usr/bin/ps`
`cloud.nologo.cn`	🟡 cloud	`/bin/tnmpd`
`cloud.nowifi.cn`	🟡 cloud	`/etc/uci-defaults/002-uci-product_params`
`speedtest01.hn165.com`	🟡 system	`/usr/sbin/speedtest.lua`
`bj3.unicomtest.com`	🟡 system	`/usr/sbin/speedtest.lua`
`www.go-cloud.cn`	🟢 frontend	62 files `/etc/init.d/addon_domain` `/etc/init.d/appclassd` `/etc/init.d/appd` `/etc/init.d/arpbind` `/etc/init.d/arptrust` `/etc/init.d/client` `/etc/init.d/cron` `/etc/init.d/dcached` `/etc/init.d/done_ext` `/etc/init.d/eventd` `/etc/init.d/frpc` `/etc/init.d/l2tp_account` `/etc/init.d/macfilter` `/etc/init.d/pingxx` `/etc/init.d/pppoe_server` `/etc/init.d/pptpd` `/etc/init.d/pptpd_account` `/etc/init.d/realtimed` `/etc/init.d/spyder` `/etc/ppp/ip-up.d/pppoes-up` `/etc/rc.d/K98pppoe_server` `/etc/rc.d/S46addon_domain` `/etc/rc.d/S50arpbind` `/etc/rc.d/S51arptrust` `/etc/rc.d/S51macfilter` `/etc/rc.d/S58client` `/etc/rc.d/S61pptpd` `/etc/rc.d/S62l2tp_account` `/etc/rc.d/S62pptpd_account` `/etc/rc.d/S80cron` `/etc/rc.d/S96dcached` `/etc/rc.d/S96pingxx` `/etc/rc.d/S96realtimed` `/etc/rc.d/S98pppoe_server` `/etc/rc.d/S99appclassd` `/etc/rc.d/S99appd` `/etc/rc.d/S99eventd` `/etc/rc.d/S99frpc` `/etc/rc.d/S99zspyder` `/etc/rc.d/S99zzdone_ext` `/lib/board.sh` `/usr/lib/lua/_log.lua` `/usr/lib/lua/app.lua` `/usr/lib/lua/appctl.lua` `/usr/lib/lua/http.lua` `/usr/lib/lua/httpx.lua` `/usr/lib/lua/luci/view/ac/ac_upgrade_ing.htm` `/usr/lib/lua/std.lua` `/usr/lib/lua/tasklet/channel/_stream.lua` `/usr/lib/lua/tasklet/channel/message.lua` `/usr/lib/lua/tasklet/channel/sslstream.lua` `/usr/lib/lua/tasklet/channel/stream.lua` `/usr/lib/lua/tasklet/channel/streamserver.lua` `/usr/lib/lua/tasklet/dgram.lua` `/usr/lib/lua/tasklet/service.lua` `/usr/lib/lua/tasklet/util.lua` `/usr/lib/lua/tasklet.lua` `/usr/lib/lua/urlparse.lua` `/usr/sbin/ajax` `/usr/sbin/dhcpsever_detect` `/usr/sbin/leval` `/usr/share/udhcpc/udhcpc.script`
`www.protocolinfo.org`	🟢 frontend	14 files `/etc/l7-protocols/aim.pat` `/etc/l7-protocols/bittorrent.pat` `/etc/l7-protocols/edonkey.pat` `/etc/l7-protocols/fasttrack.pat` `/etc/l7-protocols/gnutella.pat` `/etc/l7-protocols/ident.pat` `/etc/l7-protocols/irc.pat` `/etc/l7-protocols/jabber.pat` `/etc/l7-protocols/msnmessenger.pat` `/etc/l7-protocols/ntp.pat` `/etc/l7-protocols/pop3.pat` `/etc/l7-protocols/smtp.pat` `/etc/l7-protocols/ssl.pat` `/etc/l7-protocols/vnc.pat`
`agent.gocloud.cn`	🟢 config	12 files `/bin/tnmpd` `/etc/uci-defaults/002-uci-product_params` `/usr/lib/lua/luci/view/tnmp/loading.htm` `/usr/lib/lua/luci/view/tnmp/portal_bridge.htm` `/usr/lib/lua/luci/view/tnmp/wechat_xifen_push_auth.htm` `/usr/lib/lua/spyder/config.lua` `/usr/lib/lua/spyder/connect.lua` `/usr/lib/lua/spyder/wifiauth.lua` `/usr/lib/lua/tnmp/ac.lua` `/usr/lib/lua/tnmp/core.lua` `/usr/sbin/realtimed` `/www/dist/umi.7f44b085.js`
`www.bohemiancoding.com`	🟢 frontend	6 files `/www/dist/OEM/BDCOM/loginbg.svg` `/www/dist/OEM/GOCLOUD/loginbg.svg` `/www/dist/OEM/SHWWS/loginbg.svg` `/www/dist/static/403.2dda86ad.svg` `/www/dist/static/404.9ed13bbe.svg` `/www/dist/static/500.990ae4d0.svg`
`www.gocloud.cn`	🟢 frontend	6 files `/bin/tnmpd` `/etc/uci-defaults/002-uci-product_params` `/usr/lib/lua/luci/model/cbi/ac_tgnet/ac_auth_ad.lua` `/usr/lib/lua/luci/view/ac_tgnet/ac_system_sysupgrade.htm` `/usr/lib/lua/tnmp/acctl.lua` `/www/dist/layouts__BasicLayout.31537c67.async.js`
`www.goout.com`	🟢 frontend	5 files `/usr/lib/lua/luci/i18n/dhcp.vi.lmo` `/usr/lib/lua/luci/i18n/dhcp.zh-cn.lmo` `/usr/lib/lua/luci/i18n/dhcp.zh-tw.lmo` `/usr/lib/lua/luci/model/cbi/dhcp/host_domain.lua` `/www/dist/umi.7f44b085.js`
`validate.must.be`	🟢 unknown	5 files `/www/dist/layouts__BasicLayout.31537c67.async.js` `/www/dist/p__NetCore__AC__EditApAdvanced__ClientLimit.32029523.async.js` `/www/dist/p__NetCore__AC__EditApAdvanced__Detail.22e4465f.async.js` `/www/dist/p__NetCore__AC__EditApAdvanced__RSSI.16bc34a4.async.js` `/www/dist/umi.7f44b085.js`
`qos.share.in`	🟢 unknown	5 files `/www/dist/p__Auth__Account.6674d338.async.js` `/www/dist/p__Auth__Account__EditAccount.d5b413de.async.js` `/www/dist/p__QoS__EditIPRateLimit.d369f59a.async.js` `/www/dist/p__QoS__IPRateLimit.7b5a6616.async.js` `/www/dist/umi.7f44b085.js`
`openwrt.org.cn`	🟢 config	5 files `/etc/init.d/ddns` `/etc/rc.d/S95ddns` `/etc/restore2default.sh` `/usr/bin/user_find` `/usr/lib/lua/luci/view/admin_system/wizards.htm`
`test.github.com`	🟢 unknown	5 files `/usr/lib/lua/luci/i18n/ddns.vi.lmo` `/usr/lib/lua/luci/i18n/ddns.zh-cn.lmo` `/usr/lib/lua/luci/i18n/ddns.zh-tw.lmo` `/usr/lib/lua/luci/model/cbi/ddns/aliddns_set.lua` `/usr/lib/lua/luci/model/cbi/ddns/dnspod_set.lua`

6. 加固建议

建议：审查所有外连通信，更换默认凭据，升级过时的加密库。

固件安全审计报告

OpenWrt 14.07

目录