Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More
Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered by prolific researcher bashis.
Most importantly, it shows the supply chain risk created when so many vendors share the same fundamental software/hardware.
Inside, we report details on:
- Vulnerability overview
- Realtek response
- Which manufacturers are affected
- Why so many companies are vulnerable
- Impact on the security industry
- Supply chain risks
Those interested in cybersecurity within our industry should see our Cybersecurity Vulnerability Directory.
Executive *******
******* ************* *** *** *** **** central ********* - ***************** ****** ********** *******. **** ******** core ******** **** **** ****** *** which **** ** *** ******* ****** were **** ** ****** **** *************.
*********************
***** ****** **** *** ******** ******* SDK ****** ** ***** ********.
***** *** ******* *************** ** *** SDK ********* ***** ********* ***** *********** remote **** *********, *** ** *** proof ** *******, ****** ** **** to *** *** ****** ***** ***** access ** ***********.
No *** **** *******
**** **** ***********, ** * ******, Realtek ******* ** ******** *** *** for ****, ********* ******'* ******:
*************, ** ** ***, ***** *** initial ******** ** ***** ****, ** weren’t **** ** ******* *** ********* response **** ******* ********* ***** ******.
Manufacturers ********
******** ** ************ *** ********* ****** *************:
**** * ******** ** **** ************'* products *** ******** ***** ** ** based ** *** *** ** *** specific ******* ****. *** *******, *********, **** *** *** ******, **** ***** ***** ******** ****, is **********. ** ********, *** ***** 300 ****** ******** **** ** *** nor *** *****'* ********** ********.
*** ************* ** *** ******* ** the ****** ************* *****. ****** **** us **** *** ************* *** **** proven ** ** ******* *** ***** are ***** ******* ** ***********, ** well ** ****** **** **** ***** are **** ***** *** ***, *** not *** **********.
Surveillance ******** ********
*********** ******* ************ ***** *** ** *** ******** companies, ***** *** *******, *** *** choices *** ***** ************ ******* ********.
Updated ****** ********
********* **** ******** ********* ****** ****** firmware, ** ** ** *********. *****, Netgear, *** ***** ************* **** ******* firmware ****** *** *************. ***** *** links ** *** ******* ******** *** the *** ******* *************:
***** *** **** ********:*****-**,*****-***,*****-**,*****-***,*****-**,*****-***,*****-**,*****-****,*****-**,*****-***,**-***-**
******* ****** ********:****** ******* **** ******,*********,**********,*********,********,*********,**********,*********,********
Supply ***** *****
**** **** ****** *** ********* ***** were ** ***** * ***** ************* without ******* ********, ********* ** ****.
*** **** ** *** ************* ******* a *********** ****, *** **** **** it *** ** ****** *********** *** so **** ** *** *** ******* brands ** *** **, *********** *** challenges *** ******* ** ********* ******** devices ** *** ***** **** ******* in **** ******** **********.
************* * *** ***** **** **** 30k ********** ******* ** *** ******** as ** *****...
***** ******* *.* ** *** **** critical
***** ***** ******** *** ****** ***** Switches ****** **** ********* ***************
*.* *** *** ******
***** ***** ******** *** ****** ***** Switches ************** ****** *************
*** *.* *** *** *****
***** ***** ******** *** ****** ***** Switches ******* ********* *************
**** ***** ******* ** ****** *************** it ***** *** ** *** ***** items **** ********** ********, ** **** it's *** *******.
** **** **'* *** *******
*** **** ** **** *** ******* more **********. *** *************** *** ****** back ** * ******* **** *** SDK. ******* ** * ******* *******.
* **** *** ******* ***********. ** point *** **** ****** ** ***** to ** ***** *** ***, ***** other *******, * ******** ******** ******.
**'* ****** ** ** **** * large ****** **** ***** *** ** many ****** *************** *** ** *** a ******** ******** ******.
******* ** * ******* *******
******* ** **** ******, *** ***, *** *****, *** PRC.
* ***** *********. *** *** *****, it's *** ***.
*****, **** **** **** *************** ** deserves **** ******* ******** ***'* *** think? It's * ******* **** *** ******** brand, **** ** ****.
** **** ** ***** * ** company **** ** ****?
******* ** ************* ** ******, *** their ******* ***** *** ******* ******** all **** ** ********* **** * China ********.
**** ** ***** *************** **** **** they *** ****** *** *** *** UI ***** ****** ** ******** ** begin ****.
* ****** ** ***** ******* *** access ** ******* *** ** *** vulnerabilities, ************ ***** ******** *** ******* not ***** *** ****** ********** ************.
**** ***** **** **** ** ***** also, ***...
**** ************* ******* ***** ***** ******** 220 ****** ***** ******** ******* ******** versions ***** ** *.*.*.* **** *** web ********** ********* *******. The *** ********** ********* ** ******* *** **** **** *** ***** ** *******.
*** ********:
*. *********** **** *** ****** ******* category ** *****. ** ***** * few ****** **** **** ** **** number?
*. *** ****** ******* ***** *******:*****://***.********.***/**/*********/.**'* **** ******* *** **** * decade **** *** *** ******** (** Cisco **** ** *******) **** **** coming **** **** **** **** ** malware. ***** *** *** ** *** original ******** ** ********.
** ***** * *** ******* *** this?
* ****** ** ***** ******* *** access ** ******* *** ** *** vulnerabilities, ************ ***** ******** *** ******* not ***** *** ****** ********** ************.