Vulnerabilities that allow takeover of Cisco, Zyxel and NETGEAR switches based on RTL83xx chips

Critical vulnerabilities have been identified in switches based on RTL83xx chips, including Cisco Small Business 220, Zyxel GS1900-24, NETGEAR GS75x, ALLNET ALL-SG8208M and more than a dozen devices from lesser-known manufacturers. They allow an unauthenticated attacker to gain control of the switch. The problems are caused by errors in the Realtek Managed Switch Controller SDK, whose code was used to build the firmware.

The first vulnerability (CVE-2019-1913) affects the web management interface and makes it possible to execute code with root privileges. It stems from insufficient validation of user-supplied parameters and from buffer bounds not being checked properly when input data is read. As a result, an attacker can trigger a buffer overflow by sending a specially crafted request and use it to execute their own code.

The second vulnerability (CVE-2019-1912) allows arbitrary files to be uploaded to the switch without authentication, including overwriting configuration files and launching a reverse shell for remote login. The problem is caused by incomplete authorization checks in the web interface.

Also worth noting is the fix for a less dangerous vulnerability (CVE-2019-1914), which allows arbitrary commands to be executed with root privileges given an unprivileged authenticated login to the web interface. The problems are fixed in firmware updates for Cisco Small Business 220 (1.1.4.4), Zyxel and NETGEAR. A detailed description of the exploitation methods is planned for publication on August 20.

The problems also appear in other devices based on RTL83xx chips, but these have not yet been confirmed by the manufacturers and have not been fixed:

  • EnGenius EGS2110P, EWS1200-28TFP, EWS1200-28TFP;
  • PLANET GS-4210-8P2S, GS-4210-24T2;
  • DrayTek VigorSwitch P1100;
  • CERIO CS-2424G-24P;
  • Xhome DownLoop-G24M;
  • Abaniact (INABA) AML2-PS16-17GP L2;
  • Araknis Networks (SnapAV) AN-310-SW-16-POE;
  • EDIMAX GS-5424PLC, GS-5424PLC;
  • Open Mesh OMS24;
  • Pakedgedevice SX-8P;
  • TG-NET P3026M-24POE.

Source: opennet.ru
