Title: Router Vulnerability Detection Method Based on Static Analysis and Fuzzing (基于静态分析和模糊测试的路由器漏洞检测方法)
Abstract: Network attacks targeting router devices often have serious consequences. Fuzzing is an effective method for detecting security vulnerabilities in router devices; however, without sufficient analysis of the target device's firmware, fuzzing is often blind and ineffective. This paper proposes a method that uses static analysis to assist fuzzing for vulnerability detection in router devices. Specifically, the results produced by static analysis guide the mutation of the test cases used to fuzz the router's Web interface. Router firmware contains a large amount of useful information: static analysis extracts candidate vulnerability points in the program code, and these are used to construct test cases that raise the efficiency of fuzzing. A prototype system was implemented and evaluated on 46 router firmware images from 4 mainstream router vendors, finding 16 vulnerabilities, 4 of which were zero-days. The results show that, compared with state-of-the-art automated vulnerability mining methods, the system detects vulnerabilities that existing vulnerability detection tools miss.
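The abstract describes the pipeline only at a high level (static analysis finds candidate vulnerability points in the firmware's Web handlers, and those points steer test-case mutation). The following is an added illustration, not code from the paper or its prototype: a heuristic, intraprocedural taint scan over decompiled-style C handler source marks `websGetVar()` results as tainted, follows them through string copies into destination buffers, and reports every tainted argument that reaches a command or unbounded-copy sink. Each finding then becomes a small set of HTTP requests that mutate only the flagged parameter with payloads matching the sink class. The handler source, the parameter names, the `/apply.cgi` endpoint with an `action=<handler>` dispatch, and the host address are all constructed assumptions for the example; real firmware needs the handler-to-URL mapping recovered from the binary.

```python
"""Added example: static-analysis-guided seed generation for router Web-interface fuzzing.

Heuristic taint scan over decompiled-style C handlers, then targeted test cases.
All input below is constructed for illustration; it is not real vendor firmware.
"""
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlencode

# Constructed sample in the style of decompiled GoAhead CGI handlers (assumption, not real code).
SAMPLE_HANDLERS = r"""
static void set_ntp(webs_t wp) {
    char *server = websGetVar(wp, "ntp_server", "");
    char cmd[128];
    sprintf(cmd, "ntpclient -h %s", server);
    system(cmd);
}
static void set_name(webs_t wp) {
    char *name = websGetVar(wp, "device_name", "");
    char buf[32];
    strcpy(buf, name);
    nvram_set("device_name", buf);
}
static void get_status(webs_t wp) {
    char *fmt = websGetVar(wp, "format", "json");
    if (strcmp(fmt, "json") == 0)
        websWrite(wp, "{}");
}
"""

CMD_SINKS = {"system", "popen"}                 # tainted argument -> command-injection candidate
MEM_SINKS = {"strcpy", "strcat", "sprintf"}     # unbounded copy of tainted data -> overflow candidate
COPIERS = MEM_SINKS | {"strncpy", "snprintf"}   # taint in args[1:] flows into args[0]

FUNC_RE = re.compile(r"(\w+)\s*\(\s*webs_t\s+\w+\s*\)\s*\{(.*?)\n\}", re.S)
GETVAR_RE = re.compile(r'(\w+)\s*=\s*websGetVar\([^,]+,\s*"([^"]+)"')
CALL_RE = re.compile(r"\b(\w+)\s*\(([^()]*)\)")   # flat calls only; nested calls are skipped
IDENT_RE = re.compile(r"[&*]*(\w+)")


@dataclass(frozen=True)
class Seed:
    handler: str   # CGI handler function
    param: str     # HTTP parameter whose value reaches the sink
    sink: str      # sink function name
    kind: str      # "cmd" or "mem"


def ident(arg: str) -> str:
    """Identifier at the start of a call argument ('&buf' -> 'buf'); '' for literals."""
    m = IDENT_RE.match(arg)
    return m.group(1) if m else ""


def analyze(src: str) -> List[Seed]:
    """Pattern-based taint scan: websGetVar() results are sources, copies propagate, sinks report."""
    seeds: List[Seed] = []
    for handler, body in FUNC_RE.findall(src):
        tainted: Dict[str, str] = dict(GETVAR_RE.findall(body))   # variable -> HTTP parameter
        for callee, argstr in CALL_RE.findall(body):
            idents = [ident(a.strip()) for a in argstr.split(",") if a.strip()]
            srcs = idents[1:] if callee in COPIERS else idents     # copiers: args[0] is the destination
            hits = [tainted[i] for i in srcs if i in tainted]
            if not hits:
                continue
            if callee in CMD_SINKS:
                seeds.append(Seed(handler, hits[0], callee, "cmd"))
            if callee in MEM_SINKS:
                seeds.append(Seed(handler, hits[0], callee, "mem"))
            if callee in COPIERS:
                tainted[idents[0]] = hits[0]   # destination buffer now carries the taint
    return seeds


CMD_PAYLOADS = ["; echo FUZZMARK", "`echo FUZZMARK`", "$(echo FUZZMARK)"]
MEM_PAYLOADS = ["A" * n for n in (64, 256, 1024)]


def generate_tests(seeds: List[Seed]) -> List[dict]:
    """Mutate only the flagged parameter, with payloads chosen by sink class."""
    return [{"handler": s.handler, "param": s.param, "sink": s.sink, "payload": p}
            for s in seeds
            for p in (CMD_PAYLOADS if s.kind == "cmd" else MEM_PAYLOADS)]


def build_request(tc: dict, host: str = "192.168.1.1") -> str:
    """Assumed (hypothetical) dispatch: POST /apply.cgi with action=<handler>."""
    body = urlencode({"action": tc["handler"], tc["param"]: tc["payload"]})
    return (f"POST /apply.cgi HTTP/1.1\r\nHost: {host}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}")


if __name__ == "__main__":
    tests = generate_tests(analyze(SAMPLE_HANDLERS))
    for tc in tests:
        print(f"[{tc['sink']}] {tc['handler']} {tc['param']} <- {tc['payload'][:24]!r}")
    print(build_request(tests[3]))
```

On the constructed sample the scan flags `ntp_server` twice in `set_ntp` (the `sprintf` into a fixed buffer, then the `system` call on that buffer) and `device_name` once in `set_name`, while `get_status` produces no seeds because `format` only reaches `strcmp`. A blind fuzzer would spend the same budget on all three handlers; the seed list lets the mutator concentrate on the two parameters that actually reach a sink, which is the efficiency gain the abstract describes.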
Authors: 王洪义 (Wang Hongyi); 沙乐天 (Sha Letian)
Affiliations: School of Computer Science, School of Software, School of Cyberspace Security, Nanjing University of Posts and Telecommunications, Nanjing 210023; Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks, Nanjing 210023
Subject category: Computer Science and Automation
Keywords: static analysis; fuzzing; firmware; vulnerability mining; Web interface
Journal of Information Security Research (《信息安全研究》), 2024, No. 1, pp. 40-47 (8 pages)
Funding: National Natural Science Foundation of China, General Program (62072253)