Vulnerabilities that allow taking control of Cisco, Zyxel and NETGEAR switches based on RTL83xx chips

In switches based on RTL83xx chips, including the Cisco Small Business 220, Zyxel GS1900-24, NETGEAR GS75x, ALLNET ALL-SG8208M and more than a dozen devices from lesser-known manufacturers, critical vulnerabilities have been identified that allow an unauthenticated attacker to gain control of the switch. The problems are caused by errors in the Realtek Managed Switch Controller SDK, code from which was used to build the firmware.

The first vulnerability (CVE-2019-1913) affects the web management interface and makes it possible to execute code with root user privileges. The vulnerability is caused by insufficient validation of user-supplied parameters and a failure to properly check buffer boundaries when reading input data. As a result, an attacker can cause a buffer overflow by sending a specially crafted request and exploit the problem to execute their own code.

The second vulnerability (CVE-2019-1912) allows arbitrary files to be uploaded to the switch without authentication, including overwriting configuration files and installing a reverse shell for remote login. The problem is caused by incomplete permission checks in the web interface.

Also worth noting is the fix for a less dangerous vulnerability (CVE-2019-1914), which allows arbitrary commands to be executed with root privileges given an unprivileged login to the web interface. The issues are resolved in firmware updates for the Cisco Small Business 220 (1.1.4.4), Zyxel, and NETGEAR. A detailed description of the exploitation methods is planned for publication on August 20.

The problems also appear in other devices based on RTL83xx chips, but they have not yet been confirmed by the manufacturers and have not been fixed:

  • EnGenius EGS2110P, EWS1200-28TFP, EWS1200-28TFP;
  • PLANET GS-4210-8P2S, GS-4210-24T2;
  • DrayTek VigorSwitch P1100;
  • CERIO CS-2424G-24P;
  • Xhome DownLoop-G24M;
  • Abaniact (INABA) AML2-PS16-17GP L2;
  • Araknis Networks (SnapAV) AN-310-SW-16-POE;
  • EDIMAX GS-5424PLC, GS-5424PLC;
  • Open Mesh OMS24;
  • Pakedge Devices SX-8P;
  • TG-NET P3026M-24POE.

Source: opennet.ru
