Vulnerabilities in the Realtek SDK cause problems in devices from 65 manufacturers

Four vulnerabilities have been identified in components of the Realtek SDK, which various wireless device manufacturers use in their firmware. They could allow an unauthenticated attacker to remotely execute code on the device with elevated privileges. According to preliminary estimates, the problems affect at least 200 device models from 65 different vendors, including various models of wireless routers from Asus, A-Link, Beeline, Belkin, Buffalo, D-Link, Edison, Huawei, LG, Logitec, MT-Link, Netgear, Realtek, Smartlink, UPVEL, ZTE and Zyxel.

The problem affects various classes of wireless devices based on the RTL8xxx SoC, from wireless routers and Wi-Fi amplifiers to IP cameras and smart lighting control devices. Devices based on RTL8xxx chips use an architecture that involves installing two SoCs: the first runs the manufacturer's Linux-based firmware, and the second runs a separate stripped-down Linux environment that implements the access point functions. The second environment is populated with standard components that Realtek provides in the SDK. These components also process data received as a result of external requests.

The vulnerabilities affect products that use Realtek SDK v2.x, Realtek "Jungle" SDK v3.0-3.4 and Realtek "Luna" SDK before version 1.3.2. A fix has already been released in the Realtek "Luna" SDK 1.3.2a update, and patches for the Realtek "Jungle" SDK are being prepared for publication. There are no plans to release any fixes for Realtek SDK 2.x, since that branch is no longer supported. Working exploit prototypes that allow code execution on the device are available for all of the vulnerabilities.

Identified vulnerabilities (the first two are assigned a severity level of 8.1, and the rest 9.8):

  • CVE-2021-35392 - Buffer overflow in the mini_upnpd and wscd processes that implement the "WiFi Simple Config" functionality (mini_upnpd handles SSDP packets, and wscd, in addition to supporting SSDP, handles UPnP requests based on the HTTP protocol). An attacker can achieve code execution by sending a specially crafted UPnP "SUBSCRIBE" request with an overly large port number in the "Callback" field.

      SUBSCRIBE /upnp/event/WFAWLANConfig1 HTTP/1.1
      Host: 192.168.100.254:52881
      Callback:
      NT: upnp:event

  • CVE-2021-35393 is a vulnerability in the WiFi Simple Config handlers that occurs when the SSDP protocol is used (it uses UDP and a request format similar to HTTP). The issue is caused by the use of a fixed 512-byte buffer when processing the "ST:upnp" parameter in M-SEARCH messages that clients send to determine the presence of services on the network.
  • CVE-2021-35394 is a vulnerability in the MP Daemon process, which is responsible for performing diagnostic operations (ping, traceroute). The problem allows an attacker's own commands to be substituted because arguments are insufficiently checked when external utilities are executed.
  • CVE-2021-35395 is a series of vulnerabilities in the web interfaces based on the http servers /bin/webs and /bin/boa. Typical vulnerabilities caused by not checking arguments before launching external utilities with the system() function were identified in both servers. The differences come down only to the use of different APIs for attacks. Neither handler includes protection against CSRF attacks or against the "DNS rebinding" technique, which allows requests to be sent from an external network even though access to the interface is restricted to the internal network. The processes also defaulted to the predefined supervisor/supervisor account. In addition, several stack overflows were identified in the handlers, which occur when overly large arguments are sent.

      POST /goform/formWsc HTTP/1.1
      Host: 192.168.100.254
      Content-Length: 129
      Content-Type: application/x-www-form-urlencoded

      submit-url=%2Fwlwps.asp&resetUnCfg=0&peer12345678>1; ;&setPIN=Start+PIN&configVxd=off&resetRptUnCfg=0&peerRptPin=

  • In addition, several more vulnerabilities were identified in the UDPServer process. As it turned out, one of the problems had already been discovered by other researchers in 2015, but it was not completely fixed. The problem is caused by a lack of proper validation of the arguments passed to the system() function and can be exploited by sending a string like 'orf;ls' to network port 9034. In addition, a buffer overflow was identified in UDPServer due to unsafe use of the sprintf function, which can potentially also be used to carry out attacks.
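
The argument-handling flaws described above for MP Daemon, the web servers and UDPServer all come down to untrusted strings reaching system() and sprintf(). The following C code is an added example, not Realtek SDK code; the function names host_arg_ok, format_status and run_ping are hypothetical. It shows the hardened pattern: allowlist validation of the argument, bounded formatting, and launching the utility without a shell.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define HOST_MAX 253  /* longest valid DNS name */

/* Allowlist check: only characters that occur in hostnames and IP literals.
 * Rejects shell metacharacters (; | & $ ` spaces, quotes, redirects) and a
 * leading '-' that the utility would parse as an option. */
int host_arg_ok(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > HOST_MAX || s[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '-' && c != ':')
            return 0;
    }
    return 1;
}

/* Bounded formatting in place of sprintf(): returns 0 on success, -1 if the
 * result would not fit, so an oversized input is rejected, not truncated. */
int format_status(char *out, size_t outlen, const char *host)
{
    int n = snprintf(out, outlen, "ping target=%s", host);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Run the diagnostic without a shell: the host is a single argv element, so
 * it is never interpreted as a command line. Returns the child's exit
 * status, or -1 if the argument is rejected or the launch fails. */
int run_ping(const char *host)
{
    if (!host_arg_ok(host))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execlp("ping", "ping", "-c", "1", host, (char *)NULL);
        _exit(127);  /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```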

source: budenet.ru
