当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0139648

漏洞标题:四川电信某路由器节点弱口令

相关厂商:成都电信

漏洞作者: zkk

提交时间:2015-09-10 11:18

修复时间:2015-10-26 14:02

公开时间:2015-10-26 14:02

漏洞类型:基础设施弱口令

危害等级:高

自评Rank:12

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-09-10: 细节已通知厂商并且等待厂商处理中
2015-09-11: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开
2015-09-21: 细节向核心白帽子及相关领域专家公开
2015-10-01: 细节向普通白帽子公开
2015-10-11: 细节向实习白帽子公开
2015-10-26: 细节向公众公开

简要描述:

telnet zte zte直接进设备 ,如果增删改了路由,清空配置,更改密码,骨干网挂了,多少业务跪了

详细说明:

telnet **.**.**.**
很明显的ZTE
百度下ZTE默认用户名密码
zte zte
进设备了,ZTE M6000电信级别路由器

telnet.png


show running-config,配置好多
一个webserver

webserver.png


打开**.**.**.**/

dianxin.png


果真电信
dns,百度这些地址全部电信

dns.png


还有BGP 好大的网络

bgp.png


**.**.**.**段的居然是美国的地址,还有美国的路由。。。

漏洞证明:

CD-SLXNMZDXXYW-BRAS-01.MAN.M6000#show runn
CD-SLXNMZDXXYW-BRAS-01.MAN.M6000#show running-config
!<mim>
!configuration saved at 18:10:38 Fri Jul 24 2015 by write txt
!configuration saved at 18:10:38 Fri Jul 24 2015 by write zdb
!last configuration change at 15:29:35 Mon Jul 13 2015 by zxr10
!</mim>
!<system-config>
hostname CD-SLXNMZDXXYW-BRAS-01.MAN.M6000
load-mode txt
nvram boot-server **.**.**.**
nvram default-gateway **.**.**.**
nvram boot-username m6000
nvram ftp-path /
!</system-config>
!<if-intf>
interface xgei-0/0/0/1
  description uT:CD-CD-XH14F-CR-01.MAN.NE5000E:(KX2014-07-11152 N048769375)10GE 
1/1/1/0
  no shutdown
$
interface xgei-0/0/0/1.4000
  description uT:CD-CD-XH14F-CR-01.MAN.NE5000E:(KX2014-07-11152 N048769375)10GE 
1/1/1/0.4000
  ip address **.**.**.** **.**.**.**
$        
interface xgei-0/0/0/2
$
interface gei-0/0/1/1
  no shutdown
$
interface gei-0/0/1/2
  no shutdown
$
interface gei-0/0/1/3
  no shutdown
$
interface gei-0/0/1/4
  no shutdown
$
interface gei-0/0/1/5
  no shutdown
$
interface gei-0/0/1/6
  no shutdown
$
interface gei-0/0/1/7
$
interface gei-0/0/1/8
$
interface gei-0/0/1/9
$
interface gei-0/0/1/10
$
interface gei-0/0/1/11
$
interface gei-0/0/1/12
$
interface gei-0/0/1/13
$
interface gei-0/0/1/14
$
interface gei-0/0/1/15
$
interface gei-0/0/1/16
$
interface gei-0/0/1/17
$
interface gei-0/0/1/18
$
interface gei-0/0/1/19
$        
interface gei-0/0/1/20
$
interface xgei-0/1/0/1
  description uT:CD-CD-BS11F-CR-01.MAN.NE5000E-X16:(KX2014-07-11214 N040809398)1
0GE 2/14/0/1
  no shutdown
$
interface xgei-0/1/0/1.4000
  description uT:CD-CD-BS11F-CR-01.MAN.NE5000E-X16:(KX2014-07-11214 N040809398)1
0GE 2/14/0/1.4000
  ip address **.**.**.** **.**.**.**
$
interface xgei-0/1/0/2
  description T1200:xgei_5/1
$
interface gei-0/1/1/1
  no shutdown
$
interface gei-0/1/1/2
  no shutdown
$
interface gei-0/1/1/2.1
  description wifi
$
interface gei-0/1/1/3
  description 5200f
  ip address **.**.**.** **.**.**.**
  no shutdown
$
interface gei-0/1/1/4
$
interface gei-0/1/1/5
$
interface gei-0/1/1/6
$
interface gei-0/1/1/7
$
interface gei-0/1/1/8
$
interface gei-0/1/1/9
$
interface gei-0/1/1/10
$
interface gei-0/1/1/11
$
interface gei-0/1/1/12
$
interface gei-0/1/1/13
$
interface gei-0/1/1/14
$
interface gei-0/1/1/15
$
interface gei-0/1/1/16
$
interface gei-0/1/1/17
$
interface gei-0/1/1/18
$
interface gei-0/1/1/19
$
interface gei-0/1/1/20
  no shutdown
$
interface mgmt_eth
  ip address **.**.**.** **.**.**.**
$
interface loopback1
  ip address **.**.**.** **.**.**.**
$
interface loopback2
  ip address **.**.**.** **.**.**.**
$
interface null1
$
interface smartgroup1
$
interface smartgroup1.1
$
interface smartgroup1.100
$
interface smartgroup1.101
$
interface smartgroup1.102
  description t64g
  ip address **.**.**.** **.**.**.**
$
interface smartgroup1.103
  ip address **.**.**.** **.**.**.**
$
interface smartgroup3
$        
interface smartgroup3.1
$
interface smartgroup3.2
$
interface smartgroup3.3
  ip address **.**.**.** **.**.**.**
$
interface smartgroup3.4
$
interface smartgroup3.5
$
interface smartgroup3.6
  description wuxian-wife-pppoe
$
interface smartgroup3.7
$
interface supervlan4
  ip address **.**.**.** **.**.**.**
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
$
interface vbui1
  ip address **.**.**.** **.**.**.**
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
$
interface vbui7
  ip address **.**.**.** **.**.**.**
$
interface vbui100
  ip address **.**.**.** **.**.**.**
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
  ip address **.**.**.** **.**.**.** secondary
$
!</if-intf>
!<port-physical-config>
interface gei-0/0/1/5
  negotiation negotiation-force
$
interface gei-0/0/1/6
  negotiation negotiation-force
$
interface gei-0/1/1/1
  negotiation negotiation-force
$
interface gei-0/1/1/3
  negotiation negotiation-force
$
interface gei-0/1/1/20
  negotiation negotiation-force
  speed speed-100M
$
!</port-physical-config>
!<switchvlan>
switchvlan-configuration
  vlan 1
  $
$
!</switchvlan>
!<lacp>  
lacp
  interface gei-0/0/1/1
    smartgroup 3 mode on
  $
  interface gei-0/0/1/2
    smartgroup 3 mode on
  $
  interface gei-0/0/1/3
    smartgroup 3 mode on
  $
  interface gei-0/0/1/4
    smartgroup 3 mode on
  $
  interface gei-0/0/1/5
    smartgroup 3 mode on
  $
  interface gei-0/0/1/6
    smartgroup 3 mode on
  $
  interface gei-0/1/1/1
    smartgroup 1 mode on
  $
$        
!</lacp>
!<portal>
subscriber-manage
  portal
    user-url-support disable
    web-method mixer
  $
  web-server 1
    ip-addr **.**.**.**
    uas-ip **.**.**.** interface loopback1
    version v2
  $
$
!</portal>
!<pppox>
subscriber-manage
  pppox-cfg 1
    ppp keepalive timer 60 count 5
    ppp quick-redial enable
  $
$
!</pppox>
!<vlan>  
vlan-configuration
  interface xgei-0/0/0/1.4000
    encapsulation-dot1q 4000
  $
  interface xgei-0/1/0/1.4000
    encapsulation-dot1q 4000
  $
  interface gei-0/1/1/2.1
    encapsulation-dot1q range 1111-1119
  $
  interface smartgroup1.100
    encapsulation-dot1q 5
  $
  interface smartgroup1.101
    encapsulation-dot1q 1000
  $
  interface smartgroup1.102
    encapsulation-dot1q 6
  $
  interface smartgroup1.103
    encapsulation-dot1q 7
  $
  interface smartgroup3.1
    user-dynamic-vlan any-other-qinq
    qinq range internal-vlan-range 100-1500 external-vlan-range 1201-1215
    qinq range internal-vlan-range 100-2200 external-vlan-range 2601-2613
  $
  interface smartgroup3.2
    user-dynamic-vlan any-other-qinq
    qinq range internal-vlan-range 100-1500 external-vlan-range 1216
    qinq range internal-vlan-range 100-1500 external-vlan-range 1230-1239
    qinq range internal-vlan-range 100-2200 external-vlan-range 2614-2618
    qinq range internal-vlan-range 100-2200 external-vlan-range 2620
    qinq range internal-vlan-range 100-1500 external-vlan-range 2621-2629
    qinq range internal-vlan-range 2800-2950 external-vlan-range 1216
    qinq range internal-vlan-range 2900-2950 external-vlan-range 2614
    qinq range internal-vlan-range 2951-2952 external-vlan-range 350
  $
  interface smartgroup3.3
    encapsulation-dot1q 46
  $
  interface smartgroup3.4
    encapsulation-dot1q range 351
    encapsulation-dot1q range 354-355
    encapsulation-dot1q range 357
    encapsulation-dot1q range 361-366
    encapsulation-dot1q range 370-379
    encapsulation-dot1q range 2619
  $
  interface smartgroup3.5
    user-dynamic-vlan any-other-qinq
    qinq range internal-vlan-range 100-1341 external-vlan-range 1217-1229
    qinq range internal-vlan-range 100-1341 external-vlan-range 2229-2240
  $
  interface smartgroup3.6
    user-dynamic-vlan any-other-qinq
    qinq range internal-vlan-range 2201-2240 external-vlan-range 2201-2240
  $
  interface smartgroup3.7
    user-dynamic-vlan any-other-qinq
    qinq range internal-vlan-range 100-2000 external-vlan-range 320-390
  $
$
!</vlan>
!<ipv4-acl>
ipv4-access-list ZZ0_XY
  rule 1 deny ip any **.**.**.** **.**.**.**
  rule 2 permit ip any any
$        
ipv4-access-list xyw_wifi-acl
  rule 10 permit ip any **.**.**.** **.**.**.**
  rule 20 permit ip any **.**.**.** **.**.**.**
  rule 30 permit ip any **.**.**.** **.**.**.**
  rule 40 permit ip any **.**.**.** **.**.**.**
  rule 50 permit ip any **.**.**.** **.**.**.**
  rule 60 permit ip any **.**.**.** **.**.**.**
  rule 70 permit ip any **.**.**.** **.**.**.**
  rule 80 permit ip any **.**.**.** **.**.**.**
  rule 90 permit ip any **.**.**.** **.**.**.**
  rule 100 permit ip any **.**.**.** **.**.**.**
  rule 110 permit ip any **.**.**.** **.**.**.**
  rule 120 permit ip any **.**.**.** **.**.**.**
  rule 130 permit ip any **.**.**.** **.**.**.**
  rule 140 permit ip any **.**.**.** **.**.**.**
  rule 150 permit ip any **.**.**.** **.**.**.**
  rule 160 permit ip any **.**.**.** **.**.**.**
  rule 170 permit ip any **.**.**.** **.**.**.**
$
!</ipv4-acl>
!<adm-mgr>
enable secret level 15 5 RcMLuUKvnFZX9kNAV6A/UA==
system-user
  authorization-template 1
    bind aaa-authorization-template 2001
    local-privilege-level 15
  $
  authorization-template 2
    bind aaa-authorization-template 2001
    local-privilege-level 7
  $
  authentication-template 1
    bind aaa-authentication-template 2001
  $
  user-name sc_chengdu
    bind authentication-template 1
    bind authorization-template 1
    password encrypted 90f7ec2b27e4737891ad3ad19860fb82be819f493299b9faa75157178
fe70e05
  $
  user-name sc_noc
    bind authentication-template 1
    bind authorization-template 1
    password encrypted 28b88852daa7cb69b9e37d951e59c4a9127c55b49d05f4daf4bfcf785
68928af
  $      
  user-name sc_nocshow
    bind authentication-template 1
    bind authorization-template 2
    password encrypted 0336864f3e137a4c9704e59afcd65f95fa3c4354c704e568cccc1e081
f481452
  $
  user-name tongbu
    bind authentication-template 1
    bind authorization-template 1
    password encrypted c033f00941d73ba4bd4675b343e0aa0dee0aab9620cfac294cf86cb43
6067554
  $
  user-name zte
    bind authentication-template 1
    bind authorization-template 1
    password encrypted ce7c04930c52bfe1669f6c229ef61b761ec847e5b3052bdb51456385b
b2a9a57
  $
  user-name zxr10
    bind authentication-template 1
    bind authorization-template 1
    password encrypted 101e800d634333665a2fa6cdf0cfbdb57bc6fca540ac3f280b6d898e3
5407a30  
  $
$
!</adm-mgr>
!<dhcp>
dhcp
  enable
$
!</dhcp>
!<radius>
radius authentication-group 1
  filter-id direction in
  nas-ip-address **.**.**.**
  nas-port-id-format class2
  server 1 **.**.**.** master key encrypted BBFD3FAACDA314411F71845759F4B2EB4
AAED7FD9FB57C7BD41A198321614800 port 1814
  server 2 **.**.**.** key encrypted BBFD3FAACDA314411F71845759F4B2EB4AAED7FD9
FB57C7BD41A198321614800 port 1814
  user-name-format original
$
radius authentication-group 3
  nas-ip-address **.**.**.**
  server 1 **.**.**.** master key encrypted BBFD3FAACDA314411F71845759F4B2EB4
AAED7FD9FB57C7BD41A198321614800 port 1912
  server 2 **.**.**.** key encrypted BBFD3FAACDA314411F71845759F4B2EB4AAED7FD9FB
57C7BD41A198321614800 port 1912
  user-name-format include-domain
$
radius authentication-group 2000
  server 1 **.**.**.** key encrypted 04C820BCF8AB18D71110ED833614A362EBACAA2EDE99C51
CC9B31C523A9B1CEA port 1814
  server 2 **.**.**.** key encrypted 04C820BCF8AB18D71110ED833614A362EBACAA2EDE99C51
CC9B31C523A9B1CEA port 1814
  server 3 **.**.**.** key encrypted BBFD3FAACDA314411F71845759F4B2EB4AAED7FD9FB57C7
BD41A198321614800 port 1814
  server 4 **.**.**.** key encrypted BBFD3FAACDA314411F71845759F4B2EB4AAED7FD9FB57C7
BD41A198321614800 port 1814
$
radius accounting-group 1
  local-buffer enable
  nas-ip-address **.**.**.**
  nas-port-id-format class2
  server 1 **.**.**.** master key encrypted BBFD3FAACDA314411F71845759F4B2EB4
AAED7FD9FB57C7BD41A198321614800 port 1815
  server 2 **.**.**.** key encrypted BBFD3FAACDA314411F71845759F4B2EB4AAED7FD9
FB57C7BD41A198321614800 port 1815
  user-name-format original
$
radius accounting-group 3
  nas-ip-address **.**.**.**
  server 1 **.**.**.** master key encrypted BBFD3FAACDA314411F71845759F4B2EB4
AAED7FD9FB57C7BD41A198321614800 port 1913
  server 2 **.**.**.** key encrypted BBFD3FAACDA314411F71845759F4B2EB4AAED7FD9FB
57C7BD41A198321614800 port 1913
  user-name-format include-domain
$
!</radius>
!<aaa>
aaa-accounting-template 1
  aaa-accounting-type radius
  accounting-radius-group first 1
$
aaa-accounting-template 3
  aaa-accounting-type radius
  accounting-radius-group first 3
$
aaa-authentication-template 1
  aaa-authentication-type radius
  authentication-radius-group 1
$        
aaa-authentication-template 3
  aaa-authentication-type radius
  authentication-radius-group 3
$
aaa-authentication-template 2001
  aaa-authentication-type local
$
aaa-authorization-template 1
  aaa-authorization-type radius
$
aaa-authorization-template 3
  aaa-authorization-type radius
$
aaa-authorization-template 2001
  aaa-authorization-type local
$
!</aaa>
!<supervlan>
supervlan
  interface supervlan4
    inter-subvlan-routing enable
  $
  interface smartgroup1.100
    supervlan 4
    vlanpool **.**.**.** **.**.**.**
    vlanpool **.**.**.** **.**.**.**
    vlanpool **.**.**.** **.**.**.**
    vlanpool **.**.**.** **.**.**.**
    vlanpool **.**.**.** **.**.**.**
    vlanpool **.**.**.**1 **.**.**.**2
    vlanpool **.**.**.**00 **.**.**.**23
    vlanpool **.**.**.**30 **.**.**.**47
    vlanpool **.**.**.**50 **.**.**.**79
    vlanpool **.**.**.**00 **.**.**.**00
  $
  interface smartgroup1.101
    supervlan 4
    vlanpool **.**.**.** **.**.**.**
    vlanpool **.**.**.** **.**.**.**
    vlanpool **.**.**.** **.**.**.**
    vlanpool **.**.**.** **.**.**.**
  $
$
!</supervlan>
!<cps>
control-plane-security
  ctm rate-limit destcpu PFU-0/0/0 board PFU-0/0 up-ctm cir 4000 cbs 128 eir 400
0
  ctm rate-limit destcpu PFU-0/1/0 board PFU-0/1 up-ctm cir 4000 cbs 128 eir 400
0
$
!</cps>
!<aim>
subscriber-manage
  authentication-template 1
    authentication-radius-group 1
    authentication-type radius
  $
  authentication-template 3
    authentication-radius-group 3
    authentication-type radius
  $
  authorization-template 1
    access-list-input ipv4 ZZ0_XY
    authorization-type mix-radius
    sub-car-input ipv4 cir 1024 cbs 100 pir 1024 pbs 100
    sub-car-output ipv4 cir 2048 cbs 100 pir 2048 pbs 100
  $
  authorization-template 3
    authorization-type mix-radius
    sub-car-input ipv4 cir 1024 cbs 100 pir 1024 pbs 100
    sub-car-output ipv4 cir 2048 cbs 100 pir 2048 pbs 100
  $
  accounting-template 1
    accounting-radius-group first 1
    accounting-type radius
    l2tp-accounting class2
  $
  accounting-template 3
    accounting-radius-group first 3
    accounting-type radius
  $
  domain 96301
    bind accounting-template 1
    bind authentication-template 1
    bind authorization-template 1
  $
  domain CAMPUSMOBILE
    bind accounting-template 1
    bind authentication-template 1
    bind authorization-template 1
  $      
  domain campusmobile
    bind accounting-template 1
    bind authentication-template 1
    bind authorization-template 1
  $
  domain sp
    bind accounting-template 1
    bind authentication-template 1
    bind authorization-template 1
  $
  domain wlan
    bind accounting-template 3
    bind authentication-template 3
    bind authorization-template 3
  $
  sal 1
    default domain 96301
    permit domain sp
    none domain 96301 keep
  $
  sal 2
    default domain sp
    permit domain sp
    permit domain wlan
    none domain wlan keep
  $
$
!</aim>
!<uim>
vbui-configuration
  interface vbui1
  $
  interface vbui7
  $
  interface vbui100
    web-acl xyw_wifi-acl
    web-force authentication
    web-server 1
  $
$
vcc-configuration
  interface gei-0/1/1/2.1
    pre-domain wlan
    bind sal 2
    ipox authentication-type ipv4 dhcpv4 web
    encapsulation multi
    pppox template 1
  $
  interface gei-0/1/1/20
    pre-domain CAMPUSMOBILE
    bind sal 1
    ipox authentication-type ipv4 dhcpv4 web
    encapsulation multi
    pppox template 1
  $
  interface smartgroup1.1
    encapsulation multi
  $
  interface smartgroup3.1
    bind sal 1
    encapsulation ppp-over-ethernet
    pppox template 1
  $
  interface smartgroup3.2
    bind sal 1
    encapsulation ppp-over-ethernet
    pppox template 1
  $
  interface smartgroup3.4
    pre-domain wlan
    bind sal 1
    ipox authentication-type ipv4 dhcpv4 web
    encapsulation multi
    pppox template 1
  $
  interface smartgroup3.5
    bind sal 1
    encapsulation ppp-over-ethernet
    pppox template 1
  $
  interface smartgroup3.6
    pre-domain CAMPUSMOBILE
    bind sal 1
    ipox authentication-type ipv4 dhcpv4 web
    encapsulation multi
    pppox template 1
  $
  interface smartgroup3.7
    bind sal 1
    encapsulation ppp-over-ethernet
    pppox template 1
  $      
$
!</uim>
!<am>
vbui-configuration
  interface vbui1
    ip-pool pool-name cdxnmy-internetpool-1 pool-id 1
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**
      $
    $
    ip-pool pool-name cdxnmy-internetpool-2 pool-id 2
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**
      $
    $
    ip-pool pool-name cdxnmy-internetpool-3 pool-id 3
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**52
      $
    $
    ip-pool pool-name cdxnmy-internetpool-4 pool-id 4
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
    ip-pool pool-name cdxnmy-internetpool-5 pool-id 5
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
    ip-pool pool-name cdxnmy-internetpool-6 pool-id 6
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**
      $
    $
    ip-pool pool-name cdxnmy-internetpool-7 pool-id 7
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
    ip-pool pool-name cdxnmy-internetpool-8 pool-id 8
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $    
    ip-pool pool-name cdxnmy-internetpool-9 pool-id 9
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
    ip-pool pool-name cdxnmy-internetpool-10 pool-id 10
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
    ip-pool pool-name cdxnmy-internetpool-11 pool-id 11
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $  
    $
    ip-pool pool-name cdxnmy-internetpool-12 pool-id 12
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**
      $
    $
    ip-pool pool-name cdxnmy-internetpool-13 pool-id 13
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**
      $
    $
    ip-pool pool-name cdxnmy-internetpool-14 pool-id 14
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
    ip-pool pool-name cdxnmy-internetpool-15 pool-id 15
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
    ip-pool pool-name cdxnmy-internetpool-16 pool-id 16
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**
      $
    $
    ip-pool pool-name cdxnmy-internetpool-17 pool-id 17
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**
      $
    $
    ip-pool pool-name cdxnmy-internetpool-18 pool-id 18
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**26
      $
    $
    ip-pool pool-name cdxnmy-internetpool-19 pool-id 19
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**26
      $
    $
    ip-pool pool-name cdxnmy-internetpool-20 pool-id 20
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
    ip-pool pool-name cdxnmy-internetpool-21 pool-id 21
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**
      $
    $
    ip-pool pool-name cdxnmy-internetpool-22 pool-id 22
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
    ip-pool pool-name cdxnmy-internetpool-23 pool-id 23
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**
      $
    $
    ip-pool pool-name cdxnmy-internetpool-24 pool-id 24
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**
      $
    $
    ip-pool pool-name cdxnmy-internetpool-25 pool-id 25
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**
      $
    $
    ip-pool pool-name cdxnmy-internetpool-26 pool-id 26
      access-domain 96301
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**
      $
    $
  $
  interface vbui7
    ip-pool pool-name wifi pool-id 71
      access-domain wlan
      access-domain sp
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
  $
  interface vbui100
    ip-pool pool-name cdxnmy-wlanpool-1 pool-id 101
      access-domain CAMPUSMOBILE
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
    ip-pool pool-name cdxnmy-wlanpool-2 pool-id 102
      access-domain CAMPUSMOBILE
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
    ip-pool pool-name cdxnmy-wlanpool-3 pool-id 103
      access-domain CAMPUSMOBILE
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
    ip-pool pool-name cdxnmy-wlanpool-4 pool-id 104
      access-domain CAMPUSMOBILE
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
    ip-pool pool-name cdxnmy-wlanpool-5 pool-id 105
      access-domain CAMPUSMOBILE
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
    ip-pool pool-name cdxnmy-wlanpool-6 pool-id 106
      access-domain CAMPUSMOBILE
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
    ip-pool pool-name cdxnmy-wlanpool-7 pool-id 107
      access-domain CAMPUSMOBILE
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
    ip-pool pool-name cdxnmy-wlanpool-8 pool-id 108
      access-domain CAMPUSMOBILE
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
    ip-pool pool-name cdxnmy-wlanpool-9 pool-id 109
      access-domain CAMPUSMOBILE
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
    ip-pool pool-name cdxnmy-wlanpool-10 pool-id 110
      access-domain CAMPUSMOBILE
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
    ip-pool pool-name cdxnmy-wlanpool-11 pool-id 111
      access-domain CAMPUSMOBILE
      pppoe-dns-server **.**.**.**
      pppoe-dns-server **.**.**.** second
      member 1
        start-ip **.**.**.** end-ip **.**.**.**54
      $
    $
  $
$
!</am>
!<bgp>
router bgp 65210
  synchronization disable
  maximum-paths 8
  maximum-paths ibgp 8
  bgp router-id **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  network **.**.**.** **.**.**.**
  neighbor CD_MAN_BAS_All peer-group
  neighbor CD_MAN_BAS_All remote-as 65210
  neighbor CD_MAN_BAS_All activate
  neighbor CD_MAN_BAS_All update-source loopback1
  neighbor CD_MAN_BAS_All password encrypted APbLRfsC2ICdUcDVGzua8K1A3uzCjwiVVRk
QYJttLzcsbFk+az6/fY4YLoArIBVT5NM7gZBIGkiXJha2gExMc7nYsFCZuavlGx/wiq+SwBg=
  neighbor **.**.**.** peer-group CD_MAN_BAS_All
  neighbor **.**.**.** description CD-CD-XH14F-IPV4RR-01.MAN.NE40E
  neighbor **.**.**.** next-hop-self
  neighbor **.**.**.** peer-group CD_MAN_BAS_All
  neighbor **.**.**.** description CD-CD-BS11F-IPV4RR-01.MAN.NE80E
  neighbor **.**.**.** next-hop-self
  address-family ipv4 multicast
  $
  address-family l2vpn vpls
  $
  address-family vpnv4
  $
  address-family vpnv4 mcast
  $
  address-family vpnv4 multicast
  $
  address-family ipv6
    synchronization disable
  $
  address-family ipv6 multicast
  $
  address-family vpnv6
  $
  address-family route-target
  $
$
!</bgp>
!<ospfv2>
router ospf 1
  auto-cost reference-bandwidth 100000
  interface xgei-0/0/0/1.4000
    authentication message-digest
    message-digest-key 1 md5 encrypted A1xeHOpOarUz8KG6aQpB5A==
    network point-to-point
  $
  interface xgei-0/1/0/1.4000
    authentication message-digest
    message-digest-key 1 md5 encrypted A1xeHOpOarUz8KG6aQpB5A==
    network point-to-point
  $      
  maximum-paths 8
  network **.**.**.** **.**.**.** area **.**.**.**
  network **.**.**.** **.**.**.** area **.**.**.**
  network **.**.**.** **.**.**.** area **.**.**.**
  network **.**.**.** **.**.**.** area **.**.**.**
  router-id **.**.**.**
$
!</ospfv2>
!<static>
ip route **.**.**.** **.**.**.** **.**.**.**
ip route **.**.**.** **.**.**.** **.**.**.**
ip route **.**.**.** **.**.**.** **.**.**.**
ip route **.**.**.** **.**.**.** **.**.**.**
ip route **.**.**.** **.**.**.** **.**.**.**
ip route **.**.**.** **.**.**.** **.**.**.**
ip route **.**.**.** **.**.**.** **.**.**.**
ip route **.**.**.** **.**.**.** **.**.**.**
ip route **.**.**.** **.**.**.** **.**.**.**
ip route **.**.**.** **.**.**.** **.**.**.**
ip route **.**.**.** **.**.**.** **.**.**.**
ip route **.**.**.** **.**.**.** **.**.**.**
ip route **.**.**.** **.**.**.** **.**.**.**
ip route **.**.**.** **.**.**.** **.**.**.**
ip route **.**.**.** **.**.**.** **.**.**.**
ip route **.**.**.** **.**.**.** **.**.**.**
ip route **.**.**.** **.**.**.** **.**.**.**
!</static>

修复方案:

1、关掉telnet,换成ssh管理
2、限制登录的ip,只让内网ip登录
3、删除banner,或更换默认banner
4、用户名密码不能是默认的,换成复杂度高的

版权声明:转载请注明来源 zkk@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-09-11 14:00

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT向中国电信集团公司通报,由其后续协调网站管理部门处置.

最新状态:

暂无