Ziwopsezo zinayi zadziwika m'zigawo za Realtek SDK, zomwe zimagwiritsidwa ntchito ndi opanga zida zopanda zingwe mu firmware yawo, zomwe zitha kulola wowukira wosavomerezeka kuti apereke code pa chipangizo chokhala ndi mwayi wapamwamba. Malinga ndi kuyerekezera koyambirira, mavutowa amakhudza mitundu yosachepera 200 kuchokera kwa ogulitsa 65 osiyanasiyana, kuphatikiza mitundu yosiyanasiyana ya ma routers opanda zingwe Asus, A-Link, Beeline, Belkin, Buffalo, D-Link, Edison, Huawei, LG, Logitec, MT- Link, Netgear, Realtek, Smartlink, UPVEL, ZTE ndi Zyxel.
Vutoli limakhudza magulu osiyanasiyana a zida zopanda zingwe kutengera RTL8xxx SoC, kuchokera ku ma router opanda zingwe ndi ma Wi-Fi amplifiers kupita ku makamera a IP ndi zida zowongolera zowunikira mwanzeru. Zipangizo zozikidwa pa tchipisi ta RTL8xxx zimagwiritsa ntchito zomanga zomwe zimaphatikizapo kuyika ma SoC awiri - yoyamba imayika firmware yochokera ku Linux, ndipo yachiwiri imayendetsa malo a Linux ochotsedwa ndikukhazikitsa ntchito zofikira. Kudzazidwa kwa chilengedwe chachiwiri kumatengera magawo omwe amaperekedwa ndi Realtek mu SDK. Zigawozi zimagwiranso ntchito zomwe zalandiridwa chifukwa chotumiza zopempha zakunja.
Kusatetezeka kumakhudza zinthu zomwe zimagwiritsa ntchito Realtek SDK v2.x, Realtek "Jungle" SDK v3.0-3.4 ndi Realtek "Luna" SDK isanachitike 1.3.2. Kukonzekera kwatulutsidwa kale muzosintha za Realtek "Luna" SDK 1.3.2a, ndipo zigamba za Realtek "Jungle" SDK zikukonzekeranso kusindikizidwa. Palibe mapulani otulutsa zokonza za Realtek SDK 2.x, popeza kuthandizira nthambiyi kwathetsedwa kale. Pazovuta zonse, ma prototypes ogwiritsira ntchito amaperekedwa omwe amakulolani kuti mugwiritse ntchito nambala yanu pazida.
Zowopsa zodziwika (zoyamba ziwiri zimapatsidwa mulingo wovuta wa 8.1, ndi zina zonse - 9.8):
- CVE-2021-35392 - Buffer kusefukira mu mini_upnpd ndi wscd njira zomwe zimagwiritsa ntchito "WiFi Simple Config" (mini_upnpd imapanga mapaketi a SSDP, ndi wscd, kuphatikiza pakuthandizira SSDP, imayang'anira zopempha za UPnP kutengera protocol ya HTTP). Wowukira atha kukwaniritsa ma code awo potumiza zopempha zopangidwa mwapadera za UPnP "SUBSCRIBE" ndi doko lalikulu kwambiri pagawo la "Callback". SUBSCRIBE /upnp/event/WFAWLANConfig1 HTTP/1.1 Host: 192.168.100.254:52881 Callback: NT:upnp: chochitika
- CVE-2021-35393 ndi chiwopsezo cha WiFi Simple Config handlers zomwe zimachitika mukamagwiritsa ntchito protocol ya SSDP (imagwiritsa ntchito UDP ndi fomu yofunsira yofanana ndi HTTP). Nkhaniyi imayamba chifukwa chogwiritsa ntchito buffer yokhazikika ya 512 byte pokonza gawo la "ST:upnp" mu mauthenga a M-SEARCH otumizidwa ndi makasitomala kuti adziwe kupezeka kwa mautumiki pa intaneti.
- CVE-2021-35394 ndi chiwopsezo mu njira ya MP Daemon, yomwe imayang'anira ntchito zowunikira (ping, traceroute). Vutoli limalola kulowetsa m'malo mwa malamulo ake chifukwa cholephera kuyang'ana mikangano pochita zinthu zakunja.
- CVE-2021-35395 ndizovuta zingapo pamawonekedwe a intaneti kutengera ma seva a http /bin/webs ndi /bin/boa. Zowopsa zomwe zimachitika chifukwa chosowa kuyang'ana mikangano musanatsegule zida zakunja pogwiritsa ntchito dongosolo () zidadziwika mu maseva onse awiri. Kusiyanaku kumabwera kokha pakugwiritsa ntchito ma API osiyanasiyana pakuwukira. Othandizira onsewa sanaphatikizepo chitetezo pakuwukiridwa ndi CSRF ndi njira ya "DNS rebinding", yomwe imalola kutumiza zopempha kuchokera pa netiweki yakunja ndikuletsa mwayi wolumikizana ndi netiweki yamkati yokha. Njira zidasinthidwanso ku akaunti ya woyang'anira/woyang'anira. Kuonjezera apo, kuchulukira kambirimbiri kwadziwika mwa ogwira ntchito, zomwe zimachitika pamene mikangano yomwe ili yaikulu kwambiri imatumizidwa. POST /goform/formWsc HTTP/1.1 Host: 192.168.100.254 Utali-wazinthu: 129 Content-Type: application/x-www-form-urlencoded submit-url=%2Fwlwps.asp&resetUnCfg=0&peerPin=12345678/config> ;&setPIN=Yambani+PIN&configVxd=off&resetRptUnCfg=1&peerRptPin=
- Kuphatikiza apo, zofooka zina zingapo zadziwika munjira ya UDPServer. Monga momwe zinakhalira, imodzi mwazovutazo idapezeka kale ndi ofufuza ena mmbuyomo mu 2015, koma sizinakonzedwe kwathunthu. Vutoli limayamba chifukwa chosowa kutsimikizira koyenera kwa mfundo zomwe zaperekedwa ku system() ntchito ndipo zitha kugwiritsidwa ntchito potumiza chingwe ngati 'orf;ls' ku network port 9034. Kuphatikiza apo, kusefukira kwa buffer kwadziwika mu UDPServer chifukwa chogwiritsa ntchito mopanda chitetezo cha sprintf ntchito, yomwe ingagwiritsidwenso ntchito polimbana.
Source: opennet.ru