Bofokoli bo 'ne bo fumanoe likarolong tsa Realtek SDK, e sebelisoang ke baetsi ba lisebelisoa tse fapaneng tse se nang mohala ho firmware ea bona, e ka lumellang mohlaseli ea sa netefatsoang hore a phethe khoutu ho sesebelisoa se nang le litokelo tse phahameng. Ho latela likhakanyo tsa pele, mathata a ama bonyane mefuta e 200 ea lisebelisoa ho tsoa ho barekisi ba fapaneng ba 65, ho kenyelletsa le mefuta e fapaneng ea li-routers tse se nang mohala Asus, A-Link, Beeline, Belkin, Buffalo, D-Link, Edison, Huawei, LG, Logitec, MT- Link, Netgear , Realtek, Smartlink, UPVEL, ZTE le Zyxel.
Bothata bo akaretsa lihlopha tse fapaneng tsa lisebelisoa tse se nang mohala tse thehiloeng ho RTL8xxx SoC, ho tloha ho li-routers tse se nang mohala le li-amplifiers tsa Wi-Fi ho ea ho lik'hamera tsa IP le lisebelisoa tse laolang mabone a bohlale. Lisebelisoa tse thehiloeng ho li-chips tsa RTL8xxx li sebelisa boqapi bo kenyelletsang ho kenya li-SoC tse peli - ea pele e kenya firmware ea moetsi oa Linux, 'me ea bobeli e tsamaisa tikoloho e arohaneng ea Linux ka ts'ebetsong ea mesebetsi ea sebaka sa phihlello. Ho tlatsoa ha tikoloho ea bobeli ho ipapisitse le likarolo tse tloaelehileng tse fanoeng ke Realtek ho SDK. Likarolo tsena li boetse li sebetsana le data e amohetsoeng ka lebaka la ho romella likopo tsa kantle.
Bofokoli bo ama lihlahisoa tse sebelisang Realtek SDK v2.x, Realtek "Jungle" SDK v3.0-3.4 le Realtek "Luna" SDK pele ho mofuta oa 1.3.2. Tokiso e se e lokollotsoe ntlafatsong ea Realtek "Luna" SDK 1.3.2a, 'me li-patches tsa Realtek "Jungle" SDK le tsona li ntse li lokisetsoa ho hatisoa. Ha ho na merero ea ho lokolla litokisetso leha e le life tsa Realtek SDK 2.x, kaha tšehetso ea lekala lena e se e khaolitse. Bakeng sa bofokoli bohle, ho fanoe ka li-prototype tse sebetsang tse u lumellang ho kenya khoutu ea hau sesebelisoa.
Bofokoli bo bonts'itsoeng (ba pele ba babeli ba abeloa boemo ba boima ba 8.1, 'me ba bang kaofela - 9.8):
- CVE-2021-35392 - Buffer e phalla ka har'a mini_upnpd le ts'ebetso ea wscd e kenyang ts'ebetso ea "WiFi Simple Config" (mini_upnpd e sebetsana le lipakete tsa SSDP, le wscd, ntle le ho tšehetsa SSDP, e sebetsana le likopo tsa UPnP tse ipapisitseng le protocol ea HTTP). Mohlaseli a ka khona ho phethahatsa khoutu ea hae ka ho romela likopo tse entsoeng ka mokhoa o khethehileng tsa "SUBSCRIBE" tsa UPnP ka nomoro ea boema-kepe e kholo haholo lebaleng la "Callback". SUBSCRIBE /upnp/event/WFAWLANConfig1 HTTP/1.1 Host: 192.168.100.254:52881 Callback: NT: up
- CVE-2021-35393 ke tlokotsi ho li-WiFi Simple Config handlers tse hlahang ha ho sebelisoa protocol ea SSDP (e sebelisa UDP le sebopeho sa kopo se ts'oanang le HTTP). Taba ena e bakoa ke tšebeliso ea "buffer" e tsitsitseng ea 512 byte ha e sebetsana le parameter ea "ST: upnp" melaetsa ea M-SEARCH e rometsoeng ke bareki ho fumana hore na ho na le litšebeletso tse teng marang-rang.
- CVE-2021-35394 ke ts'oaetso ts'ebetsong ea MP Daemon, e ikarabellang bakeng sa ho etsa ts'ebetso ea ho hlahloba (ping, traceroute). Bothata bo lumella ho fetola litaelo tsa motho ka boeena ka lebaka la ho se hlahlojoe ho lekaneng ha likhang ha ho etsoa lisebelisoa tsa ka ntle.
- CVE-2021-35395 ke letoto la bofokoli ho marang-rang a marang-rang a thehiloeng ho li-server tsa http /bin/webs le /bin/boa. Bofokoli bo bakiloeng ke khaello ea ho lekola likhang pele ho qala lits'ebeletso tsa kantle ho sebelisoa sistimi () ts'ebetso li ile tsa bonoa ho li-server ka bobeli. Liphapang li theoha feela ts'ebelisong ea li-API tse fapaneng bakeng sa litlhaselo. Basebelisi ka bobeli ha baa kenyelletsa tšireletso khahlanong le litlhaselo tsa CSRF le mokhoa oa "DNS rebinding", o lumellang ho romella likopo ho tsoa marang-rang a kantle ha o ntse o thibela phihlello ea sebopeho ho marang-rang a kahare feela. Mekhoa e boetse e hlophisitsoe ho akhaonto e boletsoeng esale pele ea mookameli/mookameli. Ho phaella moo, ho na le li-stack overflows tse 'maloa tse khetholloang ho ba sebetsang, tse etsahalang ha likhang tse kholo haholo li romeloa. POST /goform/formWsc HTTP/1.1 Host: 192.168.100.254 Content-Length: 129 Content-Type: application/x-www-form-urlencoded submit-url=%2Fwlwps.asp&resetUnCfg=0&peerPin=12345678if1/config> ;&setPIN=Qala+PIN&configVxd=off&resetRptUnCfg=0&peerRptPin=
- Ho feta moo, ho fumanoe likotsi tse ling tse 'maloa ts'ebetsong ea UDPServer. Ha e le hantle, e 'ngoe ea mathata e ne e se e fumanoe ke bafuputsi ba bang morao koana ka 2015, empa ha ea ka ea lokisoa ka ho feletseng. Bothata bo bakoa ke ho hloka netefatso e nepahetseng ea likhang tse fetiselitsoeng ho system() ts'ebetso mme e ka sebelisoa hampe ka ho romella khoele e kang 'orf;ls' ho netweke port 9034. Holim'a moo, ho na le ho phatloha ho hoholo hoa buffer ho UDPServer ka lebaka la ts'ebeliso e sa sireletsehang ea ts'ebetso ea sprintf, eo le eona e ka sebelisoang ho etsa litlhaselo.
Source: opennet.ru