Vulnerabilities that allow taking control of Cisco, Zyxel and NETGEAR switches based on RTL83xx chips

Critical vulnerabilities have been identified in switches based on RTL83xx chips, including the Cisco Small Business 220, Zyxel GS1900-24, NETGEAR GS75x, ALLNET ALL-SG8208M and more than a dozen devices from lesser-known manufacturers. They allow an unauthenticated attacker to gain control of the switch. The problems are caused by errors in the Realtek Managed Switch Controller SDK, code from which was used to build the firmware.

The first vulnerability (CVE-2019-1913) affects the web management interface and allows an attacker to execute their own code with the user's privileges. It is caused by insufficient validation of user-supplied parameters and a failure to correctly evaluate buffer boundaries when reading input data. As a result, an attacker can trigger a buffer overflow by sending a specially crafted request and exploit the problem to execute their code.

The second vulnerability (CVE-2019-1912) allows arbitrary files to be uploaded to the switch without authentication, including overwriting configuration files and launching a reverse shell for remote login. The problem is caused by incomplete authorization checks in the web interface.

Also worth noting is the fix for a less dangerous vulnerability (CVE-2019-1914), which allows arbitrary commands to be executed with root privileges given an authenticated, unprivileged login to the web interface. The issues are fixed in the firmware updates for the Cisco Small Business 220 (1.1.4.4), Zyxel and NETGEAR. A detailed description of the exploitation methods is scheduled for publication on August 20.

The problems also appear in other devices based on RTL83xx chips, but they have not yet been confirmed by the manufacturers and have not been fixed:

  • EnGenius EGS2110P, EWS1200-28TFP, EWS1200-28TFP;
  • PLANET GS-4210-8P2S, GS-4210-24T2;
  • DrayTek VigorSwitch P1100;
  • CERIO CS-2424G-24P;
  • Xhome DownLoop-G24M;
  • Abaniact (INABA) AML2-PS16-17GP L2;
  • Araknis Networks (SnapAV) AN-310-SW-16-POE;
  • EDIMAX GS-5424PLC, GS-5424PLC;
  • Open Mesh OMS24;
  • Pakedgedevice SX-8P;
  • TG-NET P3026M-24POE.

Source: opennet.ru
