Several vulnerabilities found in the Realtek SDK

Details were recently published about four vulnerabilities in components of the Realtek SDK, which many manufacturers of wireless devices use in their firmware. The issues allow an unauthenticated attacker to execute code remotely on the device with elevated privileges.

The issues are estimated to affect about 200 device models from some sixty vendors, including various wireless router models from the brands Asus, A-Link, Beeline, Belkin, Buffalo, D-Link, Edison, Huawei, LG, Logitec, MT-Link, Netgear, Realtek, Smartlink, UPVEL, ZTE and Zyxel.

The problem covers several classes of wireless devices based on RTL8xxx SoCs, from wireless routers and Wi-Fi amplifiers to IP cameras and smart lighting-control devices.

Devices based on RTL8xxx chips use an architecture with two SoCs: the first runs the manufacturer's Linux-based firmware, and the second runs a separate, stripped-down Linux environment that implements the access point functions. The contents of the second environment are built from standard components that Realtek supplies in the SDK. Among other things, these components process data received as a result of external requests.

The vulnerabilities affect products that use Realtek SDK v2.x, Realtek "Jungle" SDK v3.0-3.4 and Realtek "Luna" SDK up to version 1.3.2.

As for the vulnerabilities themselves, the first two were assigned a severity score of 8.1 and the others 9.8.

  • CVE-2021-35392: Buffer overflow in the mini_upnpd and wscd processes, which implement the "WiFi Simple Config" functionality (mini_upnpd handles SSDP packets, and wscd, besides supporting SSDP, handles UPnP requests based on the HTTP protocol). An attacker can get their own code executed by sending specially crafted UPnP SUBSCRIBE requests with an overly large port number in the Callback field.
  • CVE-2021-35393: a vulnerability in the "WiFi Simple Config" handlers that shows up when the SSDP protocol is used (it uses UDP and a request format similar to HTTP). The problem is caused by the use of a fixed 512-byte buffer when processing the "ST: upnp" parameter in M-SEARCH messages, which clients send to discover the services available on the network.
  • CVE-2021-35394: a vulnerability in the MP Daemon process, which is responsible for diagnostic operations (ping, traceroute). The problem allows an attacker's own commands to be substituted because arguments are insufficiently validated when external utilities are run.
  • CVE-2021-35395: a series of vulnerabilities in the web interfaces based on the HTTP servers /bin/webs and /bin/boa. The same typical vulnerabilities were found in both servers, caused by the lack of argument validation before external utilities are run through the system() function. The differences come down only to the use of different APIs for the attack.
    Neither handler included protection against CSRF attacks or against the "DNS rebinding" technique, which allows requests to be sent from the external network even though access to the interface is restricted to the internal network. The processes also used the predefined supervisor/supervisor account by default.
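
An added example (not code from the Realtek SDK or from the original article) of bounded handling for the two attacker-controlled fields named in the CVE-2021-35392 and CVE-2021-35393 entries: the ST value is rejected when it does not fit the 512-byte buffer, and the Callback port is length- and range-checked. The function names, the `<http://host:port/path>` Callback form and the sample address are assumptions made for illustration; IPv6 literals are treated as malformed.

```c
#include <ctype.h>
#include <string.h>

#define ST_BUF_LEN 512 /* fixed buffer size named in the CVE-2021-35393 entry */

/* Copy the ST: header value of an M-SEARCH message into out (out_len bytes).
 * Returns the value length, -1 if no ST header, -2 if the value does not fit. */
int ssdp_get_st(const char *msg, size_t msg_len, char *out, size_t out_len)
{
    const char *p = msg, *end = msg + msg_len;
    while (p < end) {
        const char *eol = memchr(p, '\n', (size_t)(end - p));
        const char *le = eol ? eol : end;            /* end of this line */
        if (le - p >= 3 && (p[0] | 0x20) == 's' && (p[1] | 0x20) == 't' && p[2] == ':') {
            const char *v = p + 3;
            while (v < le && (*v == ' ' || *v == '\t')) v++;
            while (le > v && (le[-1] == '\r' || le[-1] == ' ')) le--;
            size_t n = (size_t)(le - v);
            if (n >= out_len) return -2;             /* reject, never truncate */
            memcpy(out, v, n);
            out[n] = '\0';
            return (int)n;
        }
        if (!eol) break;
        p = eol + 1;
    }
    return -1;
}

/* Parse the port of a Callback URL such as "<http://192.0.2.10:49152/evt>".
 * Returns 1..65535, 80 if no port is given, -1 if malformed or out of range. */
int callback_port(const char *url)
{
    const char *h = strstr(url, "://");
    if (!h) return -1;
    const char *c = h + 3 + strcspn(h + 3, ":/>");   /* end of host part */
    if (*c != ':') return 80;
    long port = 0;
    int digits = 0;
    for (c++; isdigit((unsigned char)*c); c++, digits++) {
        if (digits >= 5) return -1;                  /* longer than any valid port */
        port = port * 10 + (*c - '0');
    }
    if (digits == 0 || port < 1 || port > 65535) return -1;
    if (*c != '/' && *c != '>' && *c != '\0') return -1;
    return (int)port;
}

/* Self-check on a constructed Callback value; exit status 0 means it parsed. */
int main(void) { return callback_port("<http://192.0.2.10:49152/evt>") != 49152; }
```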

The fix has already been released in Realtek "Luna" SDK update 1.3.2a, and patches for the Realtek "Jungle" SDK are also being prepared for release. No fixes are planned for Realtek SDK 2.x, because maintenance of that branch has already been discontinued. Working exploit prototypes that achieve code execution on the device have been provided for all of the vulnerabilities.

In addition, several more vulnerabilities were identified in the UDPServer process. As it turned out, one of the problems had already been found by other researchers in 2015, but it was never completely fixed. The problem is caused by the lack of proper validation of the arguments passed to the system() function and can be exploited by sending a line such as 'orf; ls' to network port 9034.

Source: https://www.iot-inspector.com

