Vulnerabilities in the Realtek SDK have led to problems in devices from 65 manufacturers

Four vulnerabilities have been identified in components of the Realtek SDK, which various wireless device manufacturers use in their firmware. They could allow an unauthenticated attacker to remotely execute code on a device with elevated privileges. According to preliminary estimates, the problems affect at least 200 device models from 65 different vendors, including various models of wireless routers from Asus, A-Link, Beeline, Belkin, Buffalo, D-Link, Edison, Huawei, LG, Logitec, MT-Link, Netgear, Realtek, Smartlink, UPVEL, ZTE and Zyxel.

The problem covers various classes of wireless devices based on the RTL8xxx SoC, from wireless routers and Wi-Fi amplifiers to IP cameras and smart lighting control devices. Devices based on RTL8xxx chips use an architecture that involves two SoCs: the first runs the manufacturer's Linux-based firmware, and the second runs a separate stripped-down Linux environment that implements the access point functions. The contents of the second environment are based on standard components that Realtek provides in the SDK. Among other things, these components process data received in external requests.

The vulnerabilities affect products that use Realtek SDK v2.x, Realtek "Jungle" SDK v3.0-3.4 and Realtek "Luna" SDK before version 1.3.2. A fix has already been released in the Realtek "Luna" SDK 1.3.2a update, and patches for the Realtek "Jungle" SDK are also being prepared for publication. There are no plans to release any fixes for Realtek SDK 2.x, since support for this branch has been discontinued. For all of the vulnerabilities, working exploit prototypes have been provided that allow code execution on the device.

Identified vulnerabilities (the first two are assigned a severity level of 8.1, and the rest 9.8):

  • CVE-2021-35392 - A buffer overflow in the mini_upnpd and wscd processes, which implement "WiFi Simple Config" (mini_upnpd handles SSDP packets, while wscd, in addition to supporting SSDP, handles UPnP requests based on the HTTP protocol). An attacker can achieve execution of their code by sending specially crafted UPnP "SUBSCRIBE" requests with a large port number in the "Callback" field.

      SUBSCRIBE /upnp/event/WFAWLANConfig1 HTTP/1.1
      Host: 192.168.100.254:52881
      Callback:
      NT:upnp:event
  • CVE-2021-35393 - A vulnerability in the WiFi Simple Config handlers that occurs when the SSDP protocol is used (it runs over UDP and uses a request format similar to HTTP). The issue is caused by the use of a fixed 512-byte buffer when processing the "ST:upnp" parameter in M-SEARCH messages, which clients send to determine the presence of services on the network.
  • CVE-2021-35394 - A vulnerability in the MP Daemon process, which is responsible for performing diagnostic operations (ping, traceroute). The problem allows command substitution because arguments are not sufficiently checked when external utilities are run.
  • CVE-2021-35395 - A series of vulnerabilities in the web interfaces based on the HTTP servers /bin/webs and /bin/boa. Typical vulnerabilities caused by the lack of argument checking before external utilities are launched with the system() function were identified in both servers. The differences come down only to the use of different APIs for the attack. Neither handler included protection against CSRF attacks or the "DNS rebinding" technique, which allows requests to be sent from an external network even when access to the interface is restricted to the internal network. The processes also use a predefined supervisor/supervisor account by default. In addition, several stack overflows were identified in the handlers, which occur when overly large arguments are sent.

      POST /goform/formWsc HTTP/1.1
      Host: 192.168.100.254
      Content-Length: 129
      Content-Type: application/x-www-form-urlencoded

      submit-url=%2Fwlwps.asp&resetUnCfg=0&peerPin=12345678mp/1config/config> ;&setPIN=Start+PIN&configVxd=off&resetRptUnCfg=0&peerRptPin=
  • In addition, several more vulnerabilities were identified in the UDPServer process. As it turned out, one of the problems had already been found by other researchers back in 2015, but was not completely fixed. The problem is caused by the lack of proper validation of the arguments passed to the system() function and can be exploited by sending a string such as 'orf;ls' to network port 9034. In addition, a buffer overflow was identified in UDPServer due to unsafe use of the sprintf function, which could also be used to carry out attacks.

Source: opennet.ru
