Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More

By John Scanlan, Published Aug 26, 2019, 10:36am EDT

Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered by prolific researcher bashis.

Most importantly, it shows supply chain risks with so many sharing the same fundamental software/hardware.

Inside, we report details on:

  • Vulnerability overview
  • Realtek response
  • Which manufacturers are affected
  • Why so many companies are vulnerable
  • Impact on the security industry
  • Supply chain risks

Those interested in cybersecurity within our industry should see our Cybersecurity Vulnerability Directory.

Executive *******

Realtek Switch Controller

******* ************* *** *** the **** ******* ********* - ***************** ****** ********** *******. This ******** **** ******** that **** ****** *** which **** ** *** various ****** **** **** to ****** **** *************.

*********************

***** ****** **** *** included ******* *** ****** of ***** ********.

***** *** ******* *************** in *** *** ********* stack ********* ***** *********** remote **** *********, *** in *** ***** ** concept, ****** ** **** to *** *** ****** admin ***** ****** ** credentials.

No *** **** *******

**** **** ***********, ** 5 ******, ******* ******* no ******** *** *** for ****, ********* ******'* ******:

*************, ** ** ***, since *** ******* ******** in ***** ****, ** weren’t **** ** ******* any ********* ******** **** Realtek ********* ***** ******.

Manufacturers ********

******** ** ************ *** ********* ****** manufacturers:

Switch Manufacturers Affected by Vulnerable SDK

**** * ******** ** each ************'* ******** *** impacted ***** ** ** based ** *** *** of *** ******** ******* chip. *** *******, *********, **** *** *** series, **** ***** ***** business ****, ** **********. By ********, *** ***** 300 ****** ******** **** is *** *** *** Cisco's ********** ********.

*** ************* ** *** limited ** *** ****** manufacturers *****. ****** **** us **** *** ************* has **** ****** ** 18 ******* *** ***** are ***** ******* ** unconfirmed, ** **** ** likely **** **** ***** are **** ***** *** SDK, *** *** *** discovered.

Surveillance ******** ********

*********** ******* ************ ***** *** ** the ******** *********, ***** and *******, *** *** choices *** ***** ************ network ********.

Updated ****** ********

********* **** ******** ********* should ****** ********, ** it ** *********. *****, Netgear, *** ***** ************* have ******* ******** ****** the *************. ***** *** links ** *** ******* firmware *** *** *** largest *************:

***** *** **** ********:*****-**,*****-***,*****-**,*****-***,*****-**,*****-***,*****-**,*****-****,*****-**,*****-***,**-***-**

******* ****** ********:****** ******* **** ******,*********,**********,*********,********,*********,**********,*********,********

Supply ***** *****

**** **** ****** *** published ***** **** ** least * ***** ************* without ******* ********, ********* to ****.

*** **** ** *** vulnerability ******* * *********** risk, *** **** **** it *** ** ****** distributed *** ** **** to *** *** ******* brands ** *** **, underscores *** ********** *** dangers ** ********* ******** devices ** *** ***** code ******* ** **** hardware **********.

Comments (12)

Undisclosed #1

08/26/19 03:44pm

** ***** * *** ranking *** ****?

* ****** ** ***** require *** ****** ** exploit *** ** *** vulnerabilities, ************ ***** ******** are ******* *** ***** for ****** ********** ************.

Agree: 1
Disagree
Informative
Unhelpful
Funny

bashis mcw

In reply to Undisclosed #1 | 08/26/19 07:32pm

************* * *** ***** more **** *** ********** devices ** *** ******** as ** *****...

***** ******* *.* ** the **** ********

***** ***** ******** *** Series ***** ******** ****** Code ********* ***************

*.* *** *** ******

***** ***** ******** *** Series ***** ******** ************** Bypass *************

*** *.* *** *** third

***** ***** ******** *** Series ***** ******** ******* Injection *************

Agree
Disagree
Informative: 5
Unhelpful
Funny: 1

Bas Poiesz

In reply to bashis mcw | 08/27/19 08:54am

**** ***** ******* ** proven *************** ** ***** fit ** *** ***** items **** ********** ********, oh **** **'* *** chinese.

Agree
Disagree
Informative
Unhelpful: 1
Funny

Undisclosed #1

In reply to Bas Poiesz | 08/27/19 09:32am

** **** **'* *** chinese

*** **** ** **** the ******* **** **********. The *************** *** ****** back ** * ******* chip *** ***. ******* is * ******* *******.

Agree: 1
Disagree
Informative
Unhelpful
Funny: 1

Bas Poiesz

In reply to Undisclosed #1 | 08/27/19 11:26am

* **** *** ******* involvement. ** ***** *** that ****** ** ***** to ** ***** *** for, ***** ***** *******, a ******** ******** ******.

**'* ****** ** ** that * ***** ****** like ***** *** ** many ****** *************** *** is *** * ******** security ******.

Agree
Disagree
Informative
Unhelpful
Funny

John Honovich

IPVM | In reply to Undisclosed #1 | 08/27/19 11:26am

******* ** * ******* company

******* ** **** ******, *** ***, *** China, *** ***.

Agree: 1
Disagree
Informative: 2
Unhelpful
Funny

Bas Poiesz

In reply to John Honovich | 08/27/19 11:40am

* ***** *********. *** are *****, **'* *** PRC.

*****, **** **** **** vulnerabilities ** ******** **** serious ******** ***'* *** think?It's * ******* **** and ******** *****, **** in ****.

** **** ** ***** a ** ******* **** it ****?

Agree
Disagree
Informative
Unhelpful: 1
Funny

Undisclosed #1

In reply to John Honovich | 08/27/19 11:46am

******* ** ************* ** Taiwan, *** ***** ******* chips *** ******* ******** all **** ** ********* from * ***** ********.

Agree
Disagree
Informative: 1
Unhelpful
Funny

Jonathan Strauss

In reply to Bas Poiesz | 08/27/19 02:48pm

**** ** ***** *************** look **** **** *** coming *** *** *** UI ***** ****** ** disabled ** ***** ****.

Agree
Disagree
Informative
Unhelpful
Funny

Undisclosed #3

IPVMU Certified | In reply to Undisclosed #1 | 08/26/19 08:59pm

* ****** ** ***** require *** ****** ** exploit *** ** *** vulnerabilities, ************ ***** ******** are ******* *** ***** for ****** ********** ************.

**** ***** **** **** my ***** ****, ***...

**** ************* ******* ***** Small ******** *** ****** Smart ******** ******* ******** versions ***** ** *.*.*.* with *** *** ********** interface *******.The *** ********** ********* ** ******* *** **** **** *** ***** ** *******.

Agree
Disagree
Informative
Unhelpful
Funny

Undisclosed Manufacturer #2

08/26/19 04:35pm

*** ********:

*. *********** **** *** second ******* ******** ** Other. ** ***** * few ****** **** **** up **** ******?

*. *** ****** ******* Kevin *******:*****://***.********.***/**/*********/.**'* **** ******* *** over * ****** **** all *** ******** (** Cisco **** ** *******) have **** ****** **** with **** **** ** malware. ***** *** *** of *** ******** ******** of ********.

Agree
Disagree
Informative: 1
Unhelpful
Funny

Undisclosed #4

08/27/19 03:49pm

Agree: 1
Disagree
Informative
Unhelpful
Funny: 2
Read this IPVM report for free.

This article is part of IPVM's 6,958 reports, 927 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports