Kwanan nan an fitar da mahimman bayanai akan rauni guda huɗu a cikin Abubuwan haɗin Realtek SDK, waɗanda masana'antun na'urorin mara waya daban -daban ke amfani da su a cikin firmware. Abubuwan da aka gano suna ba da damar maharin da ba a tabbatar da shi ba don aiwatar da lamba daga nesa akan na'urar da aka ɗaga.
An kiyasta cewa batutuwan sun shafi aƙalla samfuran na'urori 200 daga masu siyarwa daban -daban 65, gami da samfura daban-daban na masu amfani da hanyoyin sadarwa mara waya daga Asus, A-Link, Beeline, Belkin, Buffalo, D-Link, Edison, Huawei, LG, Logitec, MT -Link, Netgear, Realtek, Smartlink, UPVEL, ZTE da Zyxel.
Matsalar ya ƙunshi azuzuwan daban-daban na na'urorin mara waya na tushen RTL8xxx SoCDaga magudanar mara waya da amplifiers na Wi-Fi zuwa kyamarorin IP da na'urori masu wayo don sarrafa haske.
Na'urorin da ke kan kwakwalwan kwamfuta na RTL8xxx suna amfani da gine-gine wanda ya haɗa da shigar da SoCs guda biyu: na farko yana shigar da firmware na masana'anta na Linux, na biyun kuma yana gudanar da wani yanayi na Linux mara nauyi tare da aiwatar da ayyukan maƙasudin shiga. Yawan jama'ar muhallin na biyu ya dogara ne akan abubuwan da Realtek ke bayarwa a cikin SDK. Waɗannan abubuwan, a tsakanin sauran abubuwa, suna sarrafa bayanan da aka karɓa sakamakon aika buƙatun waje.
Ularfafawa ya shafi samfura ta amfani da Realtek SDK v2.x, Realtek "Jungle" SDK v3.0-3.4 da Realtek "Luna" SDK har zuwa sigar 1.3.2.
Dangane da ɓangaren bayanin raunin da aka gano, yana da mahimmanci a ambaci cewa an sanya na farko biyun matakin 8.1 da sauran, 9.8.
- BAKU-2021-35392: Buffer overflow a mini_upnpd da wscd matakai waɗanda ke aiwatar da ayyukan "WiFi Simple Config" (mini_upnpd yana ɗaukar SSDP da fakiti wscd, ban da tallafawa SSDP, yana ɗaukar buƙatun UPnP dangane da yarjejeniyar HTTP). Ta wannan hanyar, maharin zai iya kashe lambar ku ta hanyar aika buƙatun UPnP na musamman da aka ƙera tare da lambar tashar jiragen ruwa da yawa a cikin filin kira.
- BAKU-2021-35393: rauni a cikin direbobi na "WiFi Simple Config", wanda aka bayyana lokacin amfani da yarjejeniyar SSDP (yana amfani da UDP da tsarin buƙatun kama da HTTP). Matsalar ta samo asali ne ta hanyar amfani da madaidaicin ma'aunin 512-byte lokacin sarrafa ma'aunin "ST: upnp" a cikin saƙon M-SEARCH da abokan ciniki suka aika don tantance kasancewar sabis a kan hanyar sadarwa.
- BAKU-2021-35394: Yana da rauni a cikin tsarin MP Daemon, wanda ke da alhakin yin ayyukan bincike (ping, traceroute). Matsalar tana ba da damar maye gurbin umarninku saboda rashin ingantattun hujjoji yayin gudanar da abubuwan amfani na waje.
- BAKU-2021-35395: jerin rauni ne a cikin hanyoyin yanar gizo dangane da http / bin / webs da / bin / boa sabobin. An gano raunin na yau da kullun akan sabobin guda biyu, wanda ya haifar da rashin ingantacciyar hujja kafin aiwatar da abubuwan amfani na waje ta amfani da tsarin (). Bambance -bambancen suna saukowa ne kawai don amfani da API daban -daban don kai hari.
Dukansu direbobi ba su haɗa da kariya daga hare -haren CSRF da dabarun "sake juyawa na DNS", wanda ke ba da damar aika buƙatun daga cibiyar sadarwar waje yayin ƙuntata damar yin amfani da ke dubawa kawai zuwa cibiyar sadarwa ta ciki. Hanyoyin sun kuma yi amfani da asusun mai duba / mai duba wanda aka riga aka ayyana ta hanyar tsoho.
An riga an fito da gyara a cikin sabuntawar Realtek "Luna" SDK 1.3.2a, kuma ana shirya facin Realtek "Jungle" SDK don sakin. Babu wani shiri da aka shirya don Realtek SDK 2.x, saboda tuni aka daina kula da wannan reshe. An ba da samfuran amfani na aiki don duk rauni, yana ba su damar gudanar da lambar su akan na'urar.
Har ila yau, ana lura da gano wasu ƙarin raunin a cikin tsarin UDPServer. Kamar yadda ya kasance, sauran masu binciken sun riga sun gano ɗayan matsalolin a cikin 2015, amma ba a gyara shi gaba ɗaya. Matsalar ta samo asali ne sakamakon rashin ingantacciyar hujja na muhawarar da aka wuce zuwa tsarin () kuma ana iya amfani da ita ta hanyar aika layi kamar 'orf; ls 'zuwa tashar jiragen ruwa 9034.
Source: https://www.iot-inspector.com