Bofokoli bo lumellang taolo ea Cisco, Zyxel le NETGEAR li-chips tsa RTL83xx hore li nkeloe sebaka.

Ka li-switches tse thehiloeng ho li-chips tsa RTL83xx, ho kenyeletsoa Cisco Small Business 220, Zyxel GS1900-24, NETGEAR GS75x, ALLNET ALL-SG8208M le lisebelisoa tse fetang leshome le metso e 'meli tse tsoang ho bahlahisi ba sa tsejoeng haholo, tsebahatsoa bofokoli ba bohlokoa bo lumellang mohlaseli ea sa netefatsoang ho fumana taolo ea switch. Mathata a bakoa ke liphoso ho Realtek Managed Switch Controller SDK, khoutu e sebelisitsoeng ho lokisa firmware.

Bofokoli ba pele (CVE-2019-1913) e ama sebopeho sa taolo ea webo mme e etsa hore ho khonehe ho sebelisa khoutu ea hau ka litokelo tsa mosebelisi. Kotsi e bakoa ke ho se netefatse ho lekaneng ha liparamente tse fanoeng ke mosebelisi le ho hloleha ho lekola meeli ea buffer hantle ha u bala lintlha tse kentsoeng. Ka lebaka leo, mohlaseli a ka etsa hore buffer e khaphatsehe ka ho romela kopo e entsoeng ka mokhoa o khethehileng le ho sebelisa bothata ho phethahatsa khoutu ea bona.

Bofokoli ba bobeli (CVE-2019-1912) e lumella lifaele tse hanyetsanang hore li kenngoe sesebelisoa ntle le netefatso, ho kenyelletsa le ho ngola lifaele tsa tlhophiso le ho qala khetla e ka morao bakeng sa ho kena hole. Bothata bo bakoa ke tlhahlobo e sa phethahalang ea litumello sebakeng sa marang-rang.

U ka boela ua hlokomela ho felisoa ha kotsi e fokolang bofokodi (CVE-2019-1914), e lumellang litaelo tse se nang boikemelo hore li etsoe ka litokelo tsa motso haeba ho na le ho kena ho netefalitsoeng ho sa netefatsoang ho sehokelo sa webo. Mathata a rarolloa ho Cisco Small Business 220 (1.1.4.4), Zyxel, le lintlafatso tsa firmware tsa NETGEAR. Tlhaloso e qaqileng ea mekhoa ea ts'ebetso e reriloe phatlalatsa La 20 Phato.

Mathata a boetse a hlaha lisebelisoa tse ling tse thehiloeng ho li-chips tsa RTL83xx, empa ha li e-so tiisetsoe ke bahlahisi mme ha li so lokisoe:

• EnGenius EGS2110P, EWS1200-28TFP, EWS1200-28TFP;
• PLANET GS-4210-8P2S, GS-4210-24T2;
• DrayTek VigorSwitch P1100;
• CERIO CS-2424G-24P;
• Xhome DownLoop-G24M;
• Abaniact (INABA) AML2-PS16-17GP L2;
• Araknis Networks (SnapAV) AN-310-SW-16-POE;
• EDIMAX GS-5424PLC, GS-5424PLC;
• Bula Mesh OMS24;
• Sesebelisoa sa Pakedge SX-8P;
• TG-NET P3026M-24POE.

Source: opennet.ru