Vulnerabilities that allow taking control of Cisco, Zyxel and NETGEAR switches based on RTL83xx chips.

Critical vulnerabilities have been identified in switches based on RTL83xx chips, including the Cisco Small Business 220, Zyxel GS1900-24, NETGEAR GS75x, ALLNET ALL-SG8208M and more than a dozen devices from well-known manufacturers, that allow an unauthenticated attacker to take control of the switch. The problems are caused by errors in the Realtek Managed Switch Controller SDK, whose code was used to prepare the firmware.

The first vulnerability (CVE-2019-1913) affects the web management interface and makes it possible to execute one's own code with user privileges. The vulnerability is caused by insufficient validation of user-supplied parameters and a failure to properly check buffer boundaries when reading input data. As a result, an attacker can cause a buffer overflow by sending a specially crafted request and exploit the problem to execute code.

The second vulnerability (CVE-2019-1912) allows arbitrary files to be uploaded to the switch without authentication, including overwriting configuration files and launching a reverse shell for remote access. The problem is caused by incomplete permission checks in the web interface.

Also worth noting is the fix for a less dangerous vulnerability (CVE-2019-1914), which allows arbitrary commands to be executed with root privileges given an unprivileged authenticated login to the web interface. The issues are resolved in firmware updates for the Cisco Small Business 220 (1.1.4.4), Zyxel and NETGEAR. A detailed description of the exploitation methods is planned for publication on August 20.

The problems also appear in other devices based on RTL83xx chips, but they have not yet been confirmed by the manufacturers and have not been fixed:

  • EnGenius EGS2110P, EWS1200-28TFP, EWS1200-28TFP;
  • PLANET GS-4210-8P2S, GS-4210-24T2;
  • DrayTek VigorSwitch P1100;
  • CERIO CS-2424G-24P;
  • Xhome DownLoop-G24M;
  • Abaniact (INABA) AML2-PS16-17GP L2;
  • Araknis Networks (SnapAV) AN-310-SW-16-POE;
  • EDIMAX GS-5424PLC, GS-5424PLC;
  • Open Mesh OMS24;
  • Pakedgedevice SX-8P;
  • TG-NET P3026M-24POE.

Source: opennet.ru
