Vulnerabilities in the Realtek SDK led to problems in devices from 65 manufacturers

Four vulnerabilities have been found in components of the Realtek SDK, which various wireless device manufacturers use in their firmware. They could allow an unauthenticated attacker to remotely execute code on the device with elevated privileges. According to preliminary estimates, the problems affect at least 200 device models from 65 different vendors, including various models of wireless routers from Asus, A-Link, Beeline, Belkin, Buffalo, D-Link, Edison, Huawei, LG, Logitec, MT-Link, Netgear, Realtek, Smartlink, UPVEL, ZTE and Zyxel.

The problem covers various classes of wireless devices based on the RTL8xxx SoC, from wireless routers and Wi-Fi amplifiers to IP cameras and smart lighting control devices. Devices based on RTL8xxx chips use an architecture that involves installing two SoCs: the first runs the manufacturer's Linux-based firmware, and the second runs a separate stripped-down Linux environment that implements the access point functions. The contents of the second environment are based on standard components provided by Realtek in the SDK. These components also process data received as a result of external requests.

The vulnerabilities affect products that use Realtek SDK v2.x, Realtek "Jungle" SDK v3.0-3.4 and Realtek "Luna" SDK before version 1.3.2. A fix has already been released in the Realtek "Luna" SDK 1.3.2a update, and patches for the Realtek "Jungle" SDK are also being prepared for publication. There are no plans to release any fixes for Realtek SDK 2.x, since support for that branch has already been discontinued. For all the vulnerabilities, working exploit prototypes are provided that allow you to run your own code on the device.

Identified vulnerabilities (the first two are assigned a severity level of 8.1, and the rest 9.8):

  • CVE-2021-35392 - A buffer overflow in the mini_upnpd and wscd processes, which implement the "WiFi Simple Config" functionality (mini_upnpd processes SSDP packets, and wscd, in addition to supporting SSDP, processes UPnP requests based on the HTTP protocol). An attacker can achieve execution of their code by sending specially crafted UPnP "SUBSCRIBE" requests with a very large port number in the "Callback" field.

        SUBSCRIBE /upnp/event/WFAWLANConfig1 HTTP/1.1
        Host: 192.168.100.254:52881
        Callback:
        NT:upnp:event

  • CVE-2021-35393 is a vulnerability in the WiFi Simple Config handlers that occurs when the SSDP protocol is used (it uses UDP and a request format similar to HTTP). The problem is caused by the use of a fixed 512-byte buffer when processing the "ST:upnp" parameter in M-SEARCH messages, which clients send to determine the presence of services on the network.
  • CVE-2021-35394 is a vulnerability in the MP Daemon process, which is responsible for performing diagnostic operations (ping, traceroute). The problem allows substitution of arbitrary commands because arguments are insufficiently checked when external utilities are run.
  • CVE-2021-35395 is a series of vulnerabilities in web interfaces based on the http servers /bin/webs and /bin/boa. Typical vulnerabilities caused by the lack of argument checking before launching external utilities with the system() function were identified in both servers. The differences come down only to the use of different APIs for the attack. Neither handler included protection against CSRF attacks and the "DNS rebinding" technique, which allows requests to be sent from the external network even when access to the interface is restricted to the internal network. The processes also defaulted to the predefined supervisor/supervisor account. In addition, several stack overflows were identified in the handlers, which occur when excessively large arguments are sent.

        POST /goform/formWsc HTTP/1.1
        Host: 192.168.100.254
        Content-Length: 129
        Content-Type: application/x-www-form-urlencoded

        submit-url=%2Fwlwps.asp&resetUnCfg=0&peerPin=12345678if1> ;&setPIN=Start+PIN&configVxd=off&resetRptUnCfg=0&peerRptPin=

  • In addition, several vulnerabilities were identified in the UDPServer process. As it turned out, one of the problems had already been discovered by other researchers back in 2015, but it was not completely fixed. The problem is caused by the lack of proper validation of arguments passed to the system() function and can be exploited by sending a string like 'orf;ls' to network port 9034. In addition, a buffer overflow was identified in UDPServer due to unsafe use of the sprintf function, which could also potentially be used for attacks.
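
The system() and sprintf defects listed above share one remedy: validate the argument, run the utility without a shell, and bound every formatted write. The following C sketch is an added example, not code from the Realtek SDK or from the original article; the function names valid_host_arg, format_reply and run_ping are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <spawn.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>

extern char **environ;

/* Hypothetical helper: accept only characters that can appear in a
   hostname or IP literal, so metacharacters such as ';' are rejected. */
int valid_host_arg(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 253 || s[0] == '-')  /* leading '-' would parse as an option */
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '-' && c != ':')
            return 0;
    }
    return 1;
}

/* Bounded replacement for sprintf(): reports failure instead of
   writing past the end of dst when the argument is too long. */
int format_reply(char *dst, size_t dstlen, const char *arg)
{
    int n = snprintf(dst, dstlen, "result for %s", arg);
    return (n < 0 || (size_t)n >= dstlen) ? -1 : n;
}

/* Run ping through an argv array with no shell in between.
   Returns the exit status of ping, or -1 on rejection or failure. */
int run_ping(const char *host)
{
    char *argv[] = { "ping", "-c", "1", (char *)host, NULL };
    pid_t pid;
    int status;

    if (!valid_host_arg(host))
        return -1;
    if (posix_spawnp(&pid, "ping", NULL, NULL, argv, environ) != 0)
        return -1;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Because the argument is passed as a single argv element, a string such as 'orf;ls' would not be interpreted by a shell even if validation were skipped; the allow-list is a second layer.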

Source: opennet.ru
