{"id":4105,"date":"2026-01-07T16:59:54","date_gmt":"2026-01-07T08:59:54","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=4105"},"modified":"2026-01-07T18:06:28","modified_gmt":"2026-01-07T10:06:28","slug":"d-link-%e8%80%81%e8%88%8a-dsl-%e8%b7%af%e7%94%b1%e5%99%a8%e7%88%86%e5%87%ba%e9%9b%b6%e6%97%a5%e6%bc%8f%e6%b4%9e%ef%bc%9a%e5%b7%b2%e9%81%ad%e9%8e%96%e5%ae%9a%e6%94%bb%e6%93%8a%e3%80%81%e7%84%a1","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=4105","title":{"rendered":"D-Link \u8001\u820a DSL \u8def\u7531\u5668\u7206\u51fa\u96f6\u65e5\u6f0f\u6d1e\uff1a\u5df2\u906d\u9396\u5b9a\u653b\u64ca\u3001\u7121\u4fee\u88dc\u53ef\u7528"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"811\" height=\"456\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/01\/image.png\" alt=\"\" class=\"wp-image-4106\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/01\/image.png 811w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/01\/image-300x169.png 300w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2026\/01\/image-768x432.png 768w\" sizes=\"auto, (max-width: 811px) 100vw, 811px\" \/><figcaption class=\"wp-element-caption\">Photo Credit: BleepingComputer<\/figcaption><\/figure>\n\n\n\n<p>\u64da\u8cc7\u5b89\u5a92\u9ad4BleepingComputer<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-d-link-flaw-in-legacy-dsl-routers-actively-exploited-in-attacks\/\">\u5831\u9053<\/a>\u8cc7\u5b89\u793e\u7fa4\u8fd1\u65e5\u63ed\u9732\u4e00\u9805\u6b63\u5728\u88ab<strong>\u5be6\u969b\u5229\u7528<\/strong>\u7684\u65b0\u6f0f\u6d1e\uff0c\u76ee\u6a19\u76f4\u6307 <strong>\u591a\u6b3e D-Link <\/strong><strong>\u5df2\u9000\u5f79\uff08EoL<\/strong><strong>\uff09\u7684 DSL <\/strong><strong>\u5bb6\u7528\u9598\u9053\u5668<\/strong>\u3002\u7531\u65bc\u9019\u4e9b\u8a2d\u5099\u65e9\u5728\u6578\u5e74\u524d\u505c\u6b62\u7dad\u8b77\uff0c\u7121\u6cd5\u53d6\u5f97\u5b89\u5168\u66f4\u65b0\uff0c\u5c0d\u4f7f\u7528\u8005\u69cb\u6210\u6975\u9ad8\u98a8\u96aa\u3002<\/p>\n\n\n\n<p>\u9019\u9805\u6f0f\u6d1e\u5df2\u88ab\u7de8\u5217\u70ba <strong>CVE-2026-0625<\/strong>\uff0c\u6838\u5fc3\u554f\u984c\u6e90\u65bc <strong>dnscfg.cgi<\/strong> \u7aef\u9ede\u5728\u8655\u7406\u8f38\u5165\u6642\u7f3a\u4e4f\u56b4\u8b39\u7684\u6aa2\u67e5\uff0c\u5c0e\u81f4\u653b\u64ca\u8005\u80fd\u900f\u904e DNS \u8a2d\u5b9a\u53c3\u6578\uff0c\u6ce8\u5165\u60e1\u610f\u6307\u4ee4\u4e26<strong>\u9060\u7aef\u57f7\u884c\u7cfb\u7d71\u547d\u4ee4\uff08<\/strong><strong>RCE<\/strong><strong>\uff09<\/strong>\u3002\u66f4\u7cdf\u7cd5\u7684\u662f\uff0c\u653b\u64ca\u4e0d\u9700\u8a8d\u8b49\uff0c\u4efb\u4f55\u4eba\u7686\u53ef\u76f4\u63a5\u89f8\u767c\u3002<\/p>\n\n\n\n<p><strong>\u6f0f\u6d1e\u4f86\u6e90\u8207\u653b\u64ca\u8de1\u8c61<\/strong><\/p>\n\n\n\n<p>\u6f0f\u6d1e\u6700\u521d\u7531 The Shadowserver Foundation \u65bc\u871c\u7db2\u74b0\u5883\u4e2d\u5075\u6e2c\u5230\u653b\u64ca\u884c\u70ba\uff0c\u4e26\u7531\u6f0f\u6d1e\u60c5\u5831\u55ae\u4f4d VulnCheck \u9032\u4e00\u6b65\u78ba\u8a8d\u5f8c\u65bc 12 \u6708 15 \u65e5\u901a\u5831 D-Link\u3002<\/p>\n\n\n\n<p>VulnCheck \u6307\u51fa\uff0cShadowserver \u6355\u6349\u5230\u7684\u653b\u64ca\u6280\u5de7\u904e\u53bb\u672a\u66fe\u516c\u958b\uff0c\u800c <a href=\"https:\/\/supportannouncement.us.dlink.com\/security\/publication.aspx?name=SAP10488\" title=\"\">D-Link<\/a> \u8207 <a href=\"https:\/\/www.vulncheck.com\/advisories\/dlink-dsl-command-injection-via-dns-configuration-endpoint\" title=\"\">VulnCheck <\/a>\u4e5f\u78ba\u8a8d\u653b\u64ca\u6210\u529f\u5f8c\u6703\u5c0e\u81f4\u5b8c\u6574\u7684<strong>\u7cfb\u7d71\u6307\u4ee4\u63a7\u5236\u6b0a\u9650\u5916\u6cc4<\/strong>\u3002<\/p>\n\n\n\n<p>VulnCheck \u5831\u544a\u5f37\u8abf\uff1a\u300c\u672a\u7d93\u8a8d\u8b49\u8005\u5373\u53ef\u6ce8\u5165\u4e26\u57f7\u884c\u4efb\u610f Shell \u6307\u4ee4\uff0c\u6700\u7d42\u5c0e\u81f4\u9060\u7aef\u4ee3\u78bc\u57f7\u884c\u3002\u300d<\/p>\n\n\n\n<p><strong>\u53d7\u5f71\u97ff\u6a5f\u7a2e\uff08\u7686\u5df2 EoL<\/strong><strong>\uff0c\u7121\u6cd5\u518d\u7372\u66f4\u65b0\uff09<\/strong><\/p>\n\n\n\n<p>D-Link \u5df2\u78ba\u8a8d\u4e0b\u5217\u578b\u865f\u8207\u7248\u672c\u53d7\u5230 CVE-2026-0625 \u7684\u5f71\u97ff\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><td><strong>\u578b\u865f<\/strong><\/td><td><strong>\u53d7\u5f71\u97ff\u7248\u672c<\/strong><\/td><\/tr><\/thead><tbody><tr><td>DSL-526B<\/td><td>\u2264 2.01<\/td><\/tr><tr><td>DSL-2640B<\/td><td>\u2264 1.07<\/td><\/tr><tr><td>DSL-2740R<\/td><td>&lt; 1.17<\/td><\/tr><tr><td>DSL-2780B<\/td><td>\u2264 1.01.14<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>\u4e0a\u8ff0\u7522\u54c1\u7686\u5728 <strong>2020 <\/strong><strong>\u5e74\u524d\u5f8c\u505c\u6b62\u7dad\u8b77\uff08EoL<\/strong><strong>\uff09<\/strong>\uff0c\u4e0d\u518d\u63d0\u4f9b\u5b89\u5168\u66f4\u65b0\u3002<br>\u63db\u53e5\u8a71\u8aaa\uff0c<strong>\u5b98\u65b9\u4e0d\u6703\u4fee\u88dc\u9019\u500b\u6f0f\u6d1e<\/strong>\u3002<\/p>\n\n\n\n<p><a href=\"https:\/\/supportannouncement.us.dlink.com\/security\/publication.aspx?name=SAP10488\" title=\"\">D-Link<\/a> \u76ee\u524d\u4ecd\u5728\u91d0\u6e05\u66f4\u820a\u6216\u5340\u57df\u578b\u865f\u662f\u5426\u4e5f\u53d7\u5f71\u97ff\uff0c\u4f46\u5766\u8a00\u7522\u54c1\u4e16\u4ee3\u8207\u56fa\u4ef6\u7248\u672c\u7e41\u591a\uff0c\u4f7f\u5f97\u8b58\u5225\u56f0\u96e3\u5ea6\u4e0a\u5347\u3002<\/p>\n\n\n\n<p><strong>\u653b\u64ca\u689d\u4ef6\u8207\u98a8\u96aa\u8a55\u4f30<\/strong><\/p>\n\n\n\n<p>\u591a\u6578\u5bb6\u7528 DSL \u8def\u7531\u5668\u7684 CGI \u7ba1\u7406\u4ecb\u9762\uff08\u5982 dnscfg.cgi\uff09\u9810\u8a2d\u50c5\u80fd\u5728\u5340\u57df\u7db2\u8def\uff08LAN\uff09\u5b58\u53d6\uff0c\u56e0\u6b64\u653b\u64ca\u8005\u6709\u5169\u7a2e\u53ef\u80fd\u65b9\u5f0f\uff1a<\/p>\n\n\n\n<p><strong>\u700f\u89bd\u5668\u70ba\u5165\u53e3\u7684\u653b\u64ca\u93c8\uff08browser-based attack<\/strong><strong>\uff09<\/strong><\/p>\n\n\n\n<p>\u5229\u7528\u60e1\u610f\u7db2\u7ad9\u6216 XSS \u7d50\u5408\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u4f7f\u7528\u8005\u700f\u89bd\u60e1\u610f\u9801\u9762<\/li>\n\n\n\n<li>\u653b\u64ca\u8005\u900f\u904e\u700f\u89bd\u5668\u5411\u8def\u7531\u5668\u7ba1\u7406\u7aef\u9ede\u767c\u9001\u60e1\u610f\u8acb\u6c42<\/li>\n\n\n\n<li>\u9060\u7aef\u53d6\u5f97\u88dd\u7f6e\u63a7\u5236\u6b0a<\/li>\n<\/ul>\n\n\n\n<p><strong>\u88dd\u7f6e\u958b\u555f\u9060\u7aef\u7ba1\u7406\uff08WAN administration<\/strong><strong>\uff09<\/strong><\/p>\n\n\n\n<p>\u82e5\u4f7f\u7528\u8005\u555f\u7528 WAN \u7aef\u7ba1\u7406\u4ecb\u9762\uff0c\u8a2d\u5099\u5c07\u53ef\u88ab\u5916\u90e8\u76f4\u63a5\u6383\u63cf\u3001\u653b\u64ca\uff0c\u98a8\u96aa\u66f4\u9ad8\u3002<\/p>\n\n\n\n<p><strong>\u8cc7\u5b89\u5c08\u5bb6\u5efa\u8b70\uff1a\u7acb\u5373\u6c70\u63db\u3001\u505c\u6b62\u66b4\u9732\u65bc\u7db2\u969b\u7db2\u8def<\/strong><\/p>\n\n\n\n<p>\u5c0d\u5df2\u7d93 EoL \u7684\u7db2\u901a\u8a2d\u5099\uff0c\u8cc7\u5b89\u98a8\u96aa\u4e26\u4e0d\u53ea\u662f\u300c\u7f3a\u4e4f\u65b0\u529f\u80fd\u300d\uff0c\u800c\u662f\uff1a<\/p>\n\n\n\n<p><strong>\u7121\u5b89\u5168\u88dc\u4e01<\/strong><\/p>\n\n\n\n<p><strong>\u7121\u7dad\u8b77\u3001\u7121\u76e3\u63a7<\/strong><\/p>\n\n\n\n<p><strong>\u5df2\u77e5\u6f0f\u6d1e\u5c07\u6301\u7e8c\u88ab\u653b\u64ca\u8005\u5229\u7528<\/strong><\/p>\n\n\n\n<p>\u56e0\u6b64\u5efa\u8b70\uff1a<\/p>\n\n\n\n<p><strong>\uff081<\/strong><strong>\uff09\u7acb\u5373\u66f4\u63db\u70ba\u4ecd\u53d7\u652f\u63f4\u7684\u8a2d\u5099<\/strong><\/p>\n\n\n\n<p>\u4f7f\u7528\u53ef\u6301\u7e8c\u66f4\u65b0\u56fa\u4ef6\u7684\u7522\u54c1\uff0c\u5305\u542b\u5b89\u5168\u4fee\u88dc\u8207\u6f0f\u6d1e\u9632\u8b77\u3002<\/p>\n\n\n\n<p><strong>\uff082<\/strong><strong>\uff09\u82e5\u66ab\u6642\u7121\u6cd5\u6c70\u63db\uff0c\u81f3\u5c11\u9032\u884c\u4ee5\u4e0b\u8a2d\u5b9a<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u95dc\u9589\u9060\u7aef\u7ba1\u7406\uff08Remote Management \/ WAN Access\uff09<\/li>\n\n\n\n<li>\u5c07\u8a2d\u5099\u90e8\u7f72\u5728\u975e\u95dc\u9375\u7db2\u8def\uff08\u5982\u9694\u96e2\u5340\u6bb5\uff09<\/li>\n\n\n\n<li>\u4f7f\u7528\u6700\u65b0\u53ef\u5f97\u7684\u820a\u7248\u56fa\u4ef6<\/li>\n\n\n\n<li>\u5efa\u7f6e\u7db2\u8def\u5c64 ACL\u3001\u963b\u64cb\u5916\u90e8\u7ba1\u7406\u9023\u7dda<\/li>\n\n\n\n<li>\u555f\u7528\u7db2\u6bb5\u9694\u96e2\uff08LAN segmentation\uff09<\/li>\n<\/ul>\n\n\n\n<p><strong>\u7d50\u8a9e\uff1a\u8001\u820a\u8a2d\u5099\u662f\u653b\u64ca\u8005\u6700\u5bb9\u6613\u5f97\u624b\u7684\u5165\u53e3<\/strong><\/p>\n\n\n\n<p>\u672c\u6b21\u4e8b\u4ef6\u518d\u6b21\u63d0\u9192\u6240\u6709\u4f01\u696d\u8207\u5bb6\u5ead\u7528\u6236\uff1a<br><strong>\u7db2\u8def\u8a2d\u5099\u7684\u5b89\u5168\u751f\u547d\u9031\u671f\uff08Security Lifecycle<\/strong><strong>\uff09\u8207\u5176\u529f\u80fd\u58fd\u547d\u4e0d\u540c\u3002<\/strong><\/p>\n\n\n\n<p>\u5373\u4f7f\u8a2d\u5099\u4ecd\u80fd\u904b\u4f5c\uff0c\u53ea\u8981\u9032\u5165 EoL\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u98a8\u96aa\u4fbf\u6703\u96a8\u6642\u9593\u8207\u6f0f\u6d1e\u7d2f\u7a4d\u800c\u6025\u5287\u4e0a\u5347<\/li>\n\n\n\n<li>\u6210\u70ba\u653b\u64ca\u8005\u6700\u5bb9\u6613\u5229\u7528\u7684\u5165\u4fb5\u9ede\u4e4b\u4e00<\/li>\n<\/ul>\n\n\n\n<p>\u5728\u5a01\u8105\u74b0\u5883\u5feb\u901f\u6f14\u8b8a\u7684 2025\u20132026 \u5e74\uff0c\u6301\u7e8c\u4f7f\u7528\u505c\u66f4\u8a2d\u5099\u5df2\u4e0d\u518d\u53ea\u662f\u300c\u4e0d\u5efa\u8b70\u300d\uff0c\u800c\u662f\u660e\u78ba\u7684 <strong>\u9ad8\u98a8\u96aa\u884c\u70ba<\/strong>\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u64da\u8cc7\u5b89\u5a92\u9ad4BleepingComputer\u5831\u9053\u8cc7\u5b89\u793e\u7fa4\u8fd1\u65e5\u63ed\u9732\u4e00\u9805\u6b63\u5728\u88ab\u5be6\u969b\u5229\u7528\u7684\u65b0\u6f0f\u6d1e\uff0c\u76ee\u6a19\u76f4\u6307 \u591a\u6b3e D- <a class=\"read-more\" href=\"https:\/\/blog.billows.com.tw\/?p=4105\">READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[174],"class_list":["post-4105","post","type-post","status-publish","format-standard","hentry","category-6","tag-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/4105","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4105"}],"version-history":[{"count":2,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/4105\/revisions"}],"predecessor-version":[{"id":4109,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/4105\/revisions\/4109"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4105"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4105"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4105"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}