Cilmi-baarayaasha ka socda Faraday Security ayaa soo bandhigay faahfaahinta nuglaanshaha halista ah (CVE-2022-27255) ee SDK ee Realtek RTL819x chipsets shirka DEFCON. Nuglaantani waxa ay ogolanaysaa in kood lagu fuliyo qalabka adoo soo diraya xidhmo UDP ah oo si gaar ah loo farsameeyay. Nuglaantani waa mid xusid mudan sababtoo ah waxay u ogolaataa kuwa wax weeraraya inay weeraraan aaladaha leh interface interneedka webka naafada ah ee marin u helka shabakadaha dibadda β diritaanka hal xidhmo oo UDP ah ayaa ku filan in la fuliyo weerarka.
Nuglaanta waxay saamaysaa aaladaha isticmaalaya noocyada nugul ee Realtek SDK, oo ay ku jiraan eCos RSDK 1.5.7p1 iyo MSDK 4.9.4p1. Cusbooneysiinta eCos SDK ee hagaajinta dayacanka waxaa daabacay Realtek 25-kii Maarso. Ilaa hadda ma cadda aaladaha ay saameeyeen. Realtek RTL819x SoC waxaa loo isticmaalaa jiheeyayaasha shabakadaha, meelaha laga galo, Wi-Fi fidinta, kamaradaha IP, aaladaha IoT, iyo aaladaha kale ee isku xirka ee ka badan soosaarayaasha 60, oo ay ku jiraan Asus, A-Link, Beeline, Belkin, Buffalo, D-Link, Edison, Huawei, LG, Logitec, MT-Link, Netgear, ZPVy, SmartxTE
Tusaalooyinka ka faa'iidaysiga helitaanka fog ee aaladda iyo fulinta amarada ayaa mar horeba si cad loo daabacay, iyadoo la adeegsanayo weerar lagu qaaday router-ka Nexxt Nebula 300 Plus tusaale ahaan. Intaa waxaa dheer, utilities loogu talagalay falanqaynta firmware ee dayacanka ayaa la daabacay.
Marka la eego caqabadaha ku jira diyaarinta iyo keenista cusboonaysiinta firmware-ka aaladaha jira, weerarrada tooska ah iyo gooryaanka lagu beegsanayo aaladaha shabakadaha nugul ayaa la filayaa inay dhowaan soo baxaan. Weerar guul leh ka dib, aaladaha la isku halleyn karo waxaa isticmaali kara kuwa weerarka soo qaaday, tusaale ahaan, si ay u sameeyaan botnets, u soo bandhigaan gadaasha dambe si ay u abuuraan albaab dambe ee shabakadda gudaha ee shirkadda, dhexda taraafikada gaadiidka, ama u wareejiso martigeliyaha dibadda.
Nuglaanta waxaa sababa qulqulka buux dhaafiyay SIP ALG (SIP Application Layer Gateway), kaas oo loo isticmaalo in lagu gudbiyo xidhmooyinka SIP ee ka baxsan tarjumaha ciwaanka. Arrintu waxay soo baxdaa sababtoo ah la'aanta ansaxinta cabbirka dhabta ah ee xogta la helay, taasoo horseedaysa in lagu beddelo xusuusta ka baxsan kaydka go'an marka la wacayo shaqada strcpy inta lagu jiro habaynta xirmada SIP. Weerarka waxaa lagu fulin karaa iyadoo la soo diro xirmo UDP ah oo leh qiyamka goobta saxda ah ee block xogta SDP ama madaxa borotokoolka SIP. Ka faa'iidaysigu wuxuu u baahan yahay in hal baakidh loo diro deked UDP ah oo aan loo meel dayin oo ku taal interface WAN.
Xakameyn ahaan, waxaa lagula talinayaa in la xannibo baakadaha UDP ee leh farriinta SIP ee "INVITE", xarigga "m=audio", iyo cabbir ka weyn 128 bytes ee dab-damiska ama nidaamka ka-hortagga soo gelitaanka shabakadda. Tusaalaha sharciga ah ee lagu ogaanayo isku dayga ka faa'iidaysiga gudaha Snort 3 IDS: digtoonow udp kasta kasta -> mid kasta (sid:1000000; \ msg:"Realtek eCOS SDK SIP Traffic Exploit CVE-2022-27255"; content:"atvite"; qoto dheer: \ 6: "xaalad la'aan" 128, qaraabo;
Source: opennet.ru
