D-link DGS-1100-08PD v1.00.006 漏洞总结 漏洞概述 在 D-link DGS-1100-08PD v1.00.006 中,存在一个结构配置漏洞。设备将 和 属性设置为 权限,违反了最小权限原则。任何在 Web 界面中利用此漏洞的人都可以立即获得 root 访问权限,导致整个设备被完全控制。 影响范围 受影响产品: D-link DGS-1100-08PD v1.00.006 漏洞类型: 结构配置漏洞 具体影响: 设备将 和 属性设置为 权限,导致任何用户都可以通过 Web 界面获得 root 访问权限。 修复方案 官方文档: 参考 Box 官方文档 中的 2.4 安全部分。 建议措施: 确保 和 属性设置为适当的权限,避免使用 权限。 POC 代码 ```plaintext In the D-link DGS-1100-08PD v1.00.006, there is a structure configuration vulnerability. The device sets both box and group property in the box webserver configuration file to root permissions. This violates the principle of least privilege. Any exploit in the web interface can immediately grant root access, leading to total device compromise. Detail: In the D-link DGS-1100-08PD v1.00.006, the box webserver configuration file is as follows. User: The name of the user who will run as. Group: The group that the user will run as. User 8 Group 8 Within both User and Group properties are set to the root permissions. This violates the principle of least privilege. The official documentation of box (http://www.box.org/documentation/box-2.html) states the following requirements. 2.4 Security Box has been designed to use the existing file system security. In box.conf, the directives user and group determine who Box will run as, if launched by root. By default, the user/group is nobody/nogroup. This allows quite a bit of flexibility. For example, if you want to disallow access to otherwise accessible directories or files, simply make them inaccessible to nobody/nogroup. If the user that Box runs as is "box" and the groups that "box" belongs to include "web-stuff" then files/directories accessible by users with group "web-stuff" will also be accessible to Box.