1. 执行摘要
53 / 100
2
严重
8
高危
111
中危
241
低危/信息
2. 测试范围与方法
| 项目 | 详情 |
|---|---|
| 固件版本 | rootfs |
| 厂商 | NETGEAR |
| 样本文件 | nyarc-audit-generic-4209484294/rootfs |
| 文件大小 | 218.9MB |
| 扫描时间 | 2026-04-23 |
| 工具 | Nyarc Professional v1.2.0 |
3. 发现总览
| # | 级别 | CVSS | 发现 |
|---|---|---|---|
| 1 | CRITICAL | 5.3 | OpenSSL libcrypto.so.1.0.0 — 已停止维护 |
| 2 | CRITICAL | 7.5 | OpenSSL 1.0.0 — 已停止维护 |
| 3 | HIGH | 5.3 | Zyxel backdoor detected (CVE-2024-40891): Shell command execution wrapper |
| 4 | HIGH | 5.3 | Zyxel backdoor detected (CVE-2024-40891): Shell command execution wrapper |
| 5 | HIGH | 5.3 | Zyxel backdoor detected (CVE-2024-40891): Shell command execution wrapper |
| 6 | HIGH | 5.3 | Ruijie backdoor detected (CVE-2023-34644): Module call command execution interface |
| 7 | HIGH | 5.3 | Ivanti backdoor detected (CVE-2025-0282): Ivanti VPN appliance (CVE-2025-0282) |
| 8 | HIGH | 5.3 | Ivanti backdoor detected (CVE-2025-0282): Ivanti VPN appliance (CVE-2025-0282) |
| 9 | HIGH | 5.3 | Zyxel backdoor detected (CVE-2024-40891): CLI command handler (telnet injection CVE-2024-40891) |
| 10 | HIGH | 5.3 | Zyxel backdoor detected (CVE-2024-40891): CLI command handler (telnet injection CVE-2024-40891) |
| 11 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 12 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 13 | MEDIUM | 5.3 | Generic potential vulnerability: Unbounded gets() input (critical overflow) |
| 14 | MEDIUM | 5.3 | Generic potential vulnerability: Unbounded gets() input (critical overflow) |
| 15 | MEDIUM | 5.3 | Generic potential vulnerability: Unbounded gets() input (critical overflow) |
| 16 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 17 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 18 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 19 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 20 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 21 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 22 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 23 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 24 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 25 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 26 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 27 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 28 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 29 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 30 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 31 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 32 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 33 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 34 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 35 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 36 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 37 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 38 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 39 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 40 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 41 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 42 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 43 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 44 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 45 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 46 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 47 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 48 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 49 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 50 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 51 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 52 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 53 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 54 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 55 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 56 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 57 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 58 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 59 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 60 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 61 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 62 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 63 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 64 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 65 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 66 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 67 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 68 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 69 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 70 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 71 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 72 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 73 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 74 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 75 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 76 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 77 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 78 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 79 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 80 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 81 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 82 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 83 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 84 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 85 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 86 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 87 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 88 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 89 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 90 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 91 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 92 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 93 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 94 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 95 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 96 | MEDIUM | 5.3 | Generic potential vulnerability: Unbounded gets() input (critical overflow) |
| 97 | MEDIUM | 5.3 | Generic potential vulnerability: Unbounded gets() input (critical overflow) |
| 98 | MEDIUM | 5.3 | Generic potential vulnerability: Unbounded gets() input (critical overflow) |
| 99 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 100 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 101 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 102 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 103 | MEDIUM | 5.3 | Generic potential vulnerability: Unbounded gets() input (critical overflow) |
| 104 | MEDIUM | 5.3 | Generic potential vulnerability: Unbounded gets() input (critical overflow) |
| 105 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 106 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 107 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 108 | MEDIUM | 5.3 | Generic potential vulnerability: Default admin credentials |
| 109 | MEDIUM | 5.3 | Generic potential vulnerability: Unbounded gets() input (critical overflow) |
| 110 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 111 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 112 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 113 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 114 | MEDIUM | 5.3 | Generic potential vulnerability: Unbounded gets() input (critical overflow) |
| 115 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 116 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 117 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 118 | MEDIUM | 7.5 | D-Link potential vulnerability: Firmware ZIP password derived from model name |
| 119 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 120 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
| 121 | MEDIUM | 5.3 | D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target) |
4. 详细发现
1. OpenSSL libcrypto.so.1.0.0 — 已停止维护CRITICAL (CVSS 5.3)
/lib/libcrypto.so.1.0.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NID: NYARC-001
2. OpenSSL 1.0.0 — 已停止维护CRITICAL (CVSS 7.5)
/lib/libssl.so.1.0.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HID: NYARC-002
3. Zyxel backdoor detected (CVE-2024-40891): Shell command execution wrapperHIGH (CVSS 5.3)
/lib/libcms_cli.soCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/lib/libcms_cli.soID: NYARC-003
4. Zyxel backdoor detected (CVE-2024-40891): Shell command execution wrapperHIGH (CVSS 5.3)
/lib/libcms_core.soCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/lib/libcms_core.soID: NYARC-004
5. Zyxel backdoor detected (CVE-2024-40891): Shell command execution wrapperHIGH (CVSS 5.3)
/lib/libcms_util.soCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/lib/libcms_util.soID: NYARC-005
6. Ruijie backdoor detected (CVE-2023-34644): Module call command execution interfaceHIGH (CVSS 5.3)
/lib/libldb.so.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/lib/libldb.so.1ID: NYARC-006
7. Ivanti backdoor detected (CVE-2025-0282): Ivanti VPN appliance (CVE-2025-0282)HIGH (CVSS 5.3)
/www/Netgear_TNC_Italian.htmCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/www/Netgear_TNC_Italian.htmID: NYARC-007
8. Ivanti backdoor detected (CVE-2025-0282): Ivanti VPN appliance (CVE-2025-0282)HIGH (CVSS 5.3)
/www/genie_strtab_ItalianCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/www/genie_strtab_ItalianID: NYARC-008
9. Zyxel backdoor detected (CVE-2024-40891): CLI command handler (telnet injection CVE-2024-40891)HIGH (CVSS 5.3)
/bin/consoled_brcmCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/bin/consoled_brcmID: NYARC-009
10. Zyxel backdoor detected (CVE-2024-40891): CLI command handler (telnet injection CVE-2024-40891)HIGH (CVSS 5.3)
/lib/libcms_cli.soCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/lib/libcms_cli.soID: NYARC-010
11. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/lib/libcms_dal.soCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/lib/libcms_dal.soID: NYARC-011
12. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/etc/bdupd_start.shCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/etc/bdupd_start.shID: NYARC-012
13. Generic potential vulnerability: Unbounded gets() input (critical overflow)MEDIUM (CVSS 5.3)
/lib/libcrypto.soCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/lib/libcrypto.soID: NYARC-013
14. Generic potential vulnerability: Unbounded gets() input (critical overflow)MEDIUM (CVSS 5.3)
/lib/libcrypto.so.1.0.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/lib/libcrypto.so.1.0.0ID: NYARC-014
15. Generic potential vulnerability: Unbounded gets() input (critical overflow)MEDIUM (CVSS 5.3)
/lib/libcrypto.so.1.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/lib/libcrypto.so.1.1ID: NYARC-015
16. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/lib/libacos_debug_log.soCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/lib/libacos_debug_log.soID: NYARC-016
17. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/lib/libmdm_cbk_devinfo.soCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/lib/libmdm_cbk_devinfo.soID: NYARC-017
18. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/lib/libmdm_cbk_diag.soCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/lib/libmdm_cbk_diag.soID: NYARC-018
19. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/lib/libmdm_cbk_wifi.soCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/lib/libmdm_cbk_wifi.soID: NYARC-019
20. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/lib/libnv2hapdcfg.soCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/lib/libnv2hapdcfg.soID: NYARC-020
21. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/lib/libproject_dep.soCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/lib/libproject_dep.soID: NYARC-021
22. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/opt/xagent/run-xagent.shCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/opt/xagent/run-xagent.shID: NYARC-022
23. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/acos_initCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/acos_initID: NYARC-023
24. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/acos_initCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/acos_initID: NYARC-024
25. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/acos_init_onceCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/acos_init_onceID: NYARC-025
26. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/acos_init_onceCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/acos_init_onceID: NYARC-026
27. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/acos_pre_init_onceCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/acos_pre_init_onceID: NYARC-027
28. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/acos_pre_init_onceCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/acos_pre_init_onceID: NYARC-028
29. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/acos_serviceCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/acos_serviceID: NYARC-029
30. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/acos_serviceCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/acos_serviceID: NYARC-030
31. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/apiCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/apiID: NYARC-031
32. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/apiCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/apiID: NYARC-032
33. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/autoconfig_wan_downCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/autoconfig_wan_downID: NYARC-033
34. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/autoconfig_wan_downCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/autoconfig_wan_downID: NYARC-034
35. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/autoconfig_wan_upCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/autoconfig_wan_upID: NYARC-035
36. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/autoconfig_wan_upCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/autoconfig_wan_upID: NYARC-036
37. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/dhcp6c_downCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/dhcp6c_downID: NYARC-037
38. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/dhcp6c_downCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/dhcp6c_downID: NYARC-038
39. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/dhcp6c_upCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/dhcp6c_upID: NYARC-039
40. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/dhcp6c_upCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/dhcp6c_upID: NYARC-040
41. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/dlnaCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/dlnaID: NYARC-041
42. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/dlnaCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/dlnaID: NYARC-042
43. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/firewallCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/firewallID: NYARC-043
44. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/firewallCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/firewallID: NYARC-044
45. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/internetCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/internetID: NYARC-045
46. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/internetCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/internetID: NYARC-046
47. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/ipv6-conntabCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/ipv6-conntabID: NYARC-047
48. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/ipv6-conntabCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/ipv6-conntabID: NYARC-048
49. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/ipv6_drop_all_pktCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/ipv6_drop_all_pktID: NYARC-049
50. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/ipv6_drop_all_pktCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/ipv6_drop_all_pktID: NYARC-050
51. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/ipv6_enable_wan_ping_to_lanCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/ipv6_enable_wan_ping_to_lanID: NYARC-051
52. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/ipv6_enable_wan_ping_to_lanCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/ipv6_enable_wan_ping_to_lanID: NYARC-052
53. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/landownCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/landownID: NYARC-053
54. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/landownCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/landownID: NYARC-054
55. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/lanupCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/lanupID: NYARC-055
56. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/lanupCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/lanupID: NYARC-056
57. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/ledamberupCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/ledamberupID: NYARC-057
58. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/ledamberupCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/ledamberupID: NYARC-058
59. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/ledblueupCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/ledblueupID: NYARC-059
60. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/ledblueupCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/ledblueupID: NYARC-060
61. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/leddownCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/leddownID: NYARC-061
62. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/leddownCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/leddownID: NYARC-062
63. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/ledgreenupCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/ledgreenupID: NYARC-063
64. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/ledgreenupCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/ledgreenupID: NYARC-064
65. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/ledredupCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/ledredupID: NYARC-065
66. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/ledredupCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/ledredupID: NYARC-066
67. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/ledupCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/ledupID: NYARC-067
68. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/ledupCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/ledupID: NYARC-068
69. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/ledwhiteupCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/ledwhiteupID: NYARC-069
70. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/ledwhiteupCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/ledwhiteupID: NYARC-070
71. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/loaddefaultCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/loaddefaultID: NYARC-071
72. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/loaddefaultCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/loaddefaultID: NYARC-072
73. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/nvconfigCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/nvconfigID: NYARC-073
74. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/nvconfigCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/nvconfigID: NYARC-074
75. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/product_aliasCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/product_aliasID: NYARC-075
76. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/product_aliasCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/product_aliasID: NYARC-076
77. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/read_bdCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/read_bdID: NYARC-077
78. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/read_bdCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/read_bdID: NYARC-078
79. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/restart_mcpdCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/restart_mcpdID: NYARC-079
80. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/restart_mcpdCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/restart_mcpdID: NYARC-080
81. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/restore_binCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/restore_binID: NYARC-081
82. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/restore_binCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/restore_binID: NYARC-082
83. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/routerinfoCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/routerinfoID: NYARC-083
84. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/routerinfoCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/routerinfoID: NYARC-084
85. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/systemCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/systemID: NYARC-085
86. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/systemCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/systemID: NYARC-086
87. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/te_test_dCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/te_test_dID: NYARC-087
88. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/uptimeCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/uptimeID: NYARC-088
89. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/uptimeCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/uptimeID: NYARC-089
90. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/versionCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/versionID: NYARC-090
91. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/versionCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/versionID: NYARC-091
92. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/wanPhydownCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/wanPhydownID: NYARC-092
93. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/wanPhydownCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/wanPhydownID: NYARC-093
94. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/sbin/wanPhyupCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/sbin/wanPhyupID: NYARC-094
95. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/sbin/wanPhyupCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/sbin/wanPhyupID: NYARC-095
96. Generic potential vulnerability: Unbounded gets() input (critical overflow)MEDIUM (CVSS 5.3)
/share/doc/pcre/html/pcretest.htmlCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/share/doc/pcre/html/pcretest.htmlID: NYARC-096
97. Generic potential vulnerability: Unbounded gets() input (critical overflow)MEDIUM (CVSS 5.3)
/usr/bin/circlev2/shares/usr/lib/libcrypto.soCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/usr/bin/circlev2/shares/usr/lib/libcrypto.soID: NYARC-097
98. Generic potential vulnerability: Unbounded gets() input (critical overflow)MEDIUM (CVSS 5.3)
/usr/bin/circlev2/shares/usr/lib/libcrypto.so.1.0.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/usr/bin/circlev2/shares/usr/lib/libcrypto.so.1.0.0ID: NYARC-098
99. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/usr/lib/libacos_shared.soCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/usr/lib/libacos_shared.soID: NYARC-099
100. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/usr/lib/libacos_shared.soCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/usr/lib/libacos_shared.soID: NYARC-100
101. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/usr/lib/libdalcjson.aCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/usr/lib/libdalcjson.aID: NYARC-101
102. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/usr/lib/libdjson.soCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/usr/lib/libdjson.soID: NYARC-102
103. Generic potential vulnerability: Unbounded gets() input (critical overflow)MEDIUM (CVSS 5.3)
/usr/sbin/check_fwCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/usr/sbin/check_fwID: NYARC-103
104. Generic potential vulnerability: Unbounded gets() input (critical overflow)MEDIUM (CVSS 5.3)
/usr/sbin/check_raCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/usr/sbin/check_raID: NYARC-104
105. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/usr/sbin/hostapdCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/usr/sbin/hostapdID: NYARC-105
106. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/usr/sbin/httpdCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/usr/sbin/httpdID: NYARC-106
107. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/usr/sbin/httpdCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/usr/sbin/httpdID: NYARC-107
108. Generic potential vulnerability: Default admin credentialsMEDIUM (CVSS 5.3)
/usr/sbin/httpdCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/usr/sbin/httpdID: NYARC-108
109. Generic potential vulnerability: Unbounded gets() input (critical overflow)MEDIUM (CVSS 5.3)
/usr/sbin/httpdCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/usr/sbin/httpdID: NYARC-109
110. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/usr/sbin/minidlna.exeCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/usr/sbin/minidlna.exeID: NYARC-110
111. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/usr/sbin/potCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/usr/sbin/potID: NYARC-111
112. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/usr/sbin/upnpdCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/usr/sbin/upnpdID: NYARC-112
113. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/usr/sbin/upnpdCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/usr/sbin/upnpdID: NYARC-113
114. Generic potential vulnerability: Unbounded gets() input (critical overflow)MEDIUM (CVSS 5.3)
/usr/sbin/upnpdCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/usr/sbin/upnpdID: NYARC-114
115. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/usr/sbin/wlCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/usr/sbin/wlID: NYARC-115
116. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/usr/sbin/wpa_cliCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/usr/sbin/wpa_cliID: NYARC-116
117. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/usr/sbin/wpa_supplicantCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/usr/sbin/wpa_supplicantID: NYARC-117
118. D-Link potential vulnerability: Firmware ZIP password derived from model nameMEDIUM (CVSS 7.5)
/bin/hspotapCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/bin/hspotapID: NYARC-118
119. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/bin/rastatus6CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/bin/rastatus6ID: NYARC-119
120. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/lib/libcms_core.soCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/lib/libcms_core.soID: NYARC-120
121. D-Link/Tenda potential vulnerability: System command execution wrapper (common injection target)MEDIUM (CVSS 5.3)
/bin/sskCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/bin/sskID: NYARC-121
📡 云控组件检测
| 组件 | 类型 | 风险 | 外连域名 |
|---|---|---|---|
d2/etc/init.d/d2 | init.d | medium | genieremote-qa.netgear.com |
hndmfg.sh/etc/init.d/hndmfg.sh | init.d | medium | 192.168.1.100 |
5. 外连通信分析
| 域名 | 分类 | 引用 |
|---|---|---|
ftp.info-zip.org | 🟡 system | 6 files
|
null.meetcircle.co | 🟡 system | 3 files
|
time-d.netgear.com | 🟡 system | 3 files
|
strict.bing.com | 🟡 system | 3 files
|
time-b.netgear.com | 🟡 system | 3 files
|
time-a.netgear.com | 🟡 system | 3 files
|
time-c.netgear.com | 🟡 system | 3 files
|
safe.duckduckgo.com | 🟡 system | 3 files
|
device.meetcircle.co | 🟡 system | 3 files
|
restrictmoderate.youtube.com | 🟡 system | 3 files
|
schemas.microsoft.com | 🟡 system | 2 files
|
documentation.netgear.com | 🟡 system | 2 files
|
readycloud.netgear.com | 🟡 system | 2 files
|
updates1.netgear.com | 🟡 system | 2 files
|
netgear-devrecog.fing.io | 🟡 system | |
members.dyndns.org | 🟡 system | |
ip1.dynupdate.no | 🟡 system | |
ipv6.juniper.net | 🟡 system | |
ipv6.linuxhomepage.com | 🟡 system | |
getavailableseekrange.dlna.org | 🟡 system | |
ipv6.microstuff.org | 🟡 system | |
time-g.netgear.com | 🟡 system | |
ipv6.airbites.net | 🟡 system | |
api.jquery.com | 🟡 api | |
ipv6.teddy.ch | 🟡 system | |
v6.testmyipv6.com | 🟡 system | |
api.jqueryui.com | 🟡 api | |
ipv6.worldcom.co | 🟡 system | |
ipv6.cloud.org | 🟡 system | |
testv6.cdlt.com | 🟡 system | |
6. 加固建议
建议:审查所有外连通信,更换默认凭据,升级过时的加密库。