固件安全审计报告

OpenWrt 18.06-SNAPSHOT unknown

报告日期:2026-04-22

样本: xiaomi-test/rootfs

NYARC-2026-001

🔒 机密 — 仅供授权人员查阅

目录

1. 执行摘要

18 / 100
1
严重
0
高危
1
中危
0
低危/信息

2. 测试范围与方法

项目详情
固件版本OpenWrt 18.06-SNAPSHOT unknown
样本文件xiaomi-test/rootfs
文件大小88.1MB
扫描时间2026-04-22
工具Nyarc v1.1.0

3. 发现总览

#级别CVSS发现
1MEDIUM5.3User 'root' uses MD5crypt weak hash
2CRITICAL9.0OpenSSL 1.0.0 — 已停止维护

4. 详细发现

1. User 'root' uses MD5crypt weak hashMEDIUM (CVSS 5.3)
描述
MD5crypt ($1$) is a weak algorithm, recommend migration to SHA-512 ($6$)
证据
/etc/shadow: root:$1$MULfKgY6$rdJYoUcz...
📷 [截图: 请在此处插入复现截图]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2. OpenSSL 1.0.0 — 已停止维护CRITICAL (CVSS 9.0)
描述
OpenSSL 1.0.x 已于 2020 年停止维护,存在大量已知漏洞(含远程代码执行)
证据
/usr/lib/libssl.so.1.0.0
📷 [截图: 请在此处插入复现截图]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

5. 外连通信分析

域名分类引用
log.miwifi.comtelemetry/etc/config/miwifi /usr/bin/matool
api.miwifi.comapi/etc/config/miwifi /etc/config/wifishare /etc/nginx/miwifi-webinitrd-https.conf /etc/nginx/miwifi-webinitrd.conf /lib/config_post_ota/wifishare_post_ota.sh /usr/bin/matool /usr/bin/messagingagent /usr/lib/lua/luci/view/web/init/guide.htm /usr/sbin/recovery_info_sync.sh /usr/sbin/wanip_check.sh /usr/sbin/wifishare.sh /www/self_diag/resource/js/helper.js /www/static/js/26.99691565a33a850fa3f9.js
bigota.miwifi.comupdate/usr/lib/lua/luci/view/web/inc/g.js.htm /usr/lib/lua/luci/view/web/init/bind.htm /usr/lib/lua/luci/view/web/init/guide.htm /usr/lib/lua/luci/view/web/sysauth.htm /usr/sbin/wifishare.sh /www/static/js/25.1bc67c9fea76d27c1a01.js
account.xiaomi.comauth/usr/lib/lua/luci/view/web/inc/agreement.htm /usr/lib/lua/luci/view/web/inc/agreement_HK.htm /usr/lib/lua/luci/view/web/inc/agreement_TW.htm /www/static/js/27.a6589dae1974c2685095.js
dlied6.qq.comsystem/usr/bin/download_speedtest /usr/bin/speedtest /usr/bin/upload_speedtest
broker.miwifi.comcloud/etc/config/miwifi /usr/bin/matool /usr/bin/messagingagent
stun.miwifi.comnetwork/etc/config/miwifi /usr/bin/matool
push.apple.comcloud/etc/nginx/miwifi-webinitrd-https.conf /etc/nginx/miwifi-webinitrd.conf
system.netdt.cnsystem/usr/sbin/nettb /usr/sbin/pppoe-check
api.miwfi.comapi/usr/sbin/wanip_check.sh
www.miwifi.comfrontend/etc/init.d/dnsmasq /etc/nginx/miwifi-webinitrd-https.conf /etc/nginx/miwifi-webinitrd.conf /etc/nginx/nginx.conf /etc/rc.d/S19dnsmasq /usr/lib/lua/luci/view/web/inc/agreement.htm /usr/lib/lua/luci/view/web/inc/agreement_HK.htm /usr/lib/lua/luci/view/web/inc/agreement_TW.htm /usr/lib/lua/luci/view/web/inc/privacy_US_inter.htm /usr/sbin/sysapi.firewall /www/static/js/27.a6589dae1974c2685095.js
www.mi.comfrontend/usr/lib/lua/luci/view/web/inc/agreement.htm /usr/lib/lua/luci/view/web/inc/agreement_KR.htm /usr/lib/lua/luci/view/web/inc/agreement_TW.htm /usr/lib/lua/luci/view/web/inc/agreement_US.htm /usr/lib/lua/luci/view/web/inc/agreement_US_inter.htm /usr/lib/lua/luci/view/web/inc/g.js.htm /usr/lib/lua/luci/view/web/index.htm /usr/lib/lua/luci/view/web/init/guide.htm /usr/sbin/miniupnpd /www/static/js/27.a6589dae1974c2685095.js
s.miwifi.comcdn/etc/config/miwifi /etc/config/wifishare /etc/nginx/htdocs/wifishare.html /lib/config_post_ota/wifishare_post_ota.sh /usr/sbin/datacenter /usr/sbin/plugincenter /usr/sbin/wifishare.sh /www/v3.html
app.miwifi.comapi/etc/config/miwifi /usr/lib/libpackagesign.so /usr/lib/libpackagesign.so.1 /usr/lib/libpackagesign.so.1.0.0 /usr/lib/opkg/info/packagesign.list /usr/sbin/installplugin /usr/sbin/pluginControllor /usr/sbin/plugincenter
www1.miwifi.comfrontend/usr/lib/lua/luci/view/web/inc/footer.htm /usr/lib/lua/luci/view/web/inc/footermini.htm /usr/lib/lua/luci/view/web/inc/g.js.htm /usr/lib/lua/luci/view/web/inc/store.htm /usr/lib/lua/luci/view/web/init/guide.htm /usr/lib/lua/luci/view/web/sysauth.htm /usr/sbin/miniupnpd
oss.maxcdn.comcdn/www/self_diag/pages/custom.html /www/self_diag/pages/download.html /www/self_diag/pages/harddisk.html /www/self_diag/pages/index.html /www/self_diag/pages/usb.html /www/self_diag/pages/wireless.html
captive.apple.comnetwork/etc/config/wifishare /etc/nginx/miwifi-webinitrd-https.conf /etc/nginx/miwifi-webinitrd.conf /lib/config_post_ota/wifishare_post_ota.sh /usr/sbin/wifishare.sh
itunes.apple.comfrontend/usr/lib/lua/luci/view/web/init/bind.htm /usr/lib/lua/luci/view/web/init/guide.htm /usr/lib/lua/luci/view/web/sysauth.htm /www/static/js/25.1bc67c9fea76d27c1a01.js
wiki.openwrt.orgdocs/usr/lib/opkg/info/6rd.control /usr/lib/opkg/info/ddns-scripts.control /usr/lib/opkg/info/ds-lite.control /usr/lib/opkg/info/map.control
www.balabit.comfrontend/usr/lib/libsyslog-ng-3.9.so.0 /usr/lib/libsyslog-ng-3.9.so.0.0.0 /usr/lib/libsyslog-ng.so
www.taobao.comfrontend/etc/config/system /usr/bin/upload_speedtest /usr/share/speedtest.xml
lysator.liu.selibrary/usr/lib/libssh2.so /usr/lib/libssh2.so.1 /usr/lib/libssh2.so.1.0.1
lists.balabit.hulibrary/usr/lib/libsyslog-ng-3.9.so.0 /usr/lib/libsyslog-ng-3.9.so.0.0.0 /usr/lib/libsyslog-ng.so
htp.miwifi.comnetwork/etc/nginx/miwifi-webinitrd-https.conf /etc/nginx/miwifi-webinitrd.conf /usr/sbin/ntpsetclock
www.baidu.comfrontend/etc/config/system /etc/nginx/miwifi-webinitrd-https.conf /etc/nginx/miwifi-webinitrd.conf
www.ascc.netfrontend/usr/lib/libxml2.so /usr/lib/libxml2.so.2 /usr/lib/libxml2.so.2.9.8
freedns.42.plconfig/etc/ddns/services /etc/uci-defaults/ddns /etc/uci-defaults/ddns_no-ip_com
www.veracrypt.frfrontend/usr/lib/libgio-2.0.so /usr/lib/libgio-2.0.so.0 /usr/lib/libgio-2.0.so.0.5800.1
cshore.thecshore.compackage/usr/lib/opkg/info/rp-pppoe-common.control /usr/lib/opkg/info/rp-pppoe-relay.control /usr/lib/opkg/info/rp-pppoe-server.control
www.duckdns.orgfrontend/etc/ddns/services /etc/ddns/services_ipv6

6. 加固建议

建议:审查所有外连通信,更换默认凭据,升级过时的加密库。

Nyarc v1.1.0 — Firmware Reverse Engineering Console

NYARC-2026-001 | 机密 | 2026-04-22