Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More

By John Scanlan, Published Aug 26, 2019, 10:36am EDT

Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered by prolific researcher bashis.

Most importantly, it shows supply chain risks with so many sharing the same fundamental software/hardware.

Inside, we report details on:

  • Vulnerability overview
  • Realtek response
  • Which manufacturers are affected
  • Why so many companies are vulnerable
  • Impact on the security industry
  • Supply chain risks

Those interested in cybersecurity within our industry should see our Cybersecurity Vulnerability Directory.

Executive *******

Realtek Switch Controller

******* ************* *** *** the **** ******* ********* - ***************** ****** ********** *******. This ******** **** ******** that **** ****** *** which **** ** *** various ****** **** **** to ****** **** *************.

*********************

***** ****** **** *** included ******* *** ****** of ***** ********.

***** *** ******* *************** in *** *** ********* stack ********* ***** *********** remote **** *********, *** in *** ***** ** concept, ****** ** **** to *** *** ****** admin ***** ****** ** credentials.

No *** **** *******

**** **** ***********, ** 5 ******, ******* ******* no ******** *** *** for ****, ********* ******'* ******:

*************, ** ** ***, since *** ******* ******** in ***** ****, ** weren’t **** ** ******* any ********* ******** **** Realtek ********* ***** ******.

Manufacturers ********

******** ** ************ *** ********* ****** manufacturers:

Switch Manufacturers Affected by Vulnerable SDK

**** * ******** ** each ************'* ******** *** impacted ***** ** ** based ** *** *** of *** ******** ******* chip. *** *******, *********, **** *** *** series, **** ***** ***** business ****, ** **********. By ********, *** ***** 300 ****** ******** **** is *** *** *** Cisco's ********** ********.

*** ************* ** *** limited ** *** ****** manufacturers *****. ****** **** us **** *** ************* has **** ****** ** 18 ******* *** ***** are ***** ******* ** unconfirmed, ** **** ** likely **** **** ***** are **** ***** *** SDK, *** *** *** discovered.

Surveillance ******** ********

*********** ******* ************ ***** *** ** the ******** *********, ***** and *******, *** *** choices *** ***** ************ network ********.

Updated ****** ********

********* **** ******** ********* should ****** ********, ** it ** *********. *****, Netgear, *** ***** ************* have ******* ******** ****** the *************. ***** *** links ** *** ******* firmware *** *** *** largest *************:

***** *** **** ********:*****-**,*****-***,*****-**,*****-***,*****-**,*****-***,*****-**,*****-****,*****-**,*****-***,**-***-**

******* ****** ********:****** ******* **** ******,*********,**********,*********,********,*********,**********,*********,********

Supply ***** *****

**** **** ****** *** published ***** **** ** least * ***** ************* without ******* ********, ********* to ****.

*** **** ** *** vulnerability ******* * *********** risk, *** **** **** it *** ** ****** distributed *** ** **** to *** *** ******* brands ** *** **, underscores *** ********** *** dangers ** ********* ******** devices ** *** ***** code ******* ** **** hardware **********.

Comments (12)

Undisclosed #1

08/26/19 03:44pm

Is there a CVE ranking for this?

I assume it would require LAN access to exploit any of the vulnerabilities, particularly since switches are usually not setup for remote management individually.

Agree: 1
Disagree
Informative
Unhelpful
Funny

bashis mcw

In reply to Undisclosed #1 | 08/26/19 07:32pm

Unfortunately I can prove more than 30k vulnerable devices on the internet as of today...

Cisco ranking 9.8 of the most critical

Cisco Small Business 220 Series Smart Switches Remote Code Execution Vulnerabilities

9.1 for the second

Cisco Small Business 220 Series Smart Switches Authentication Bypass Vulnerability

And 7.2 for the third

Cisco Small Business 220 Series Smart Switches Command Injection Vulnerability

Agree
Disagree
Informative: 5
Unhelpful
Funny: 1

Bas Poiesz

In reply to bashis mcw | 08/27/19 08:54am

With these numbers of proven vulnerabilities it seems fit to ban these items from government installs, oh wait it's not chinese.

Agree
Disagree
Informative
Unhelpful: 1
Funny

Undisclosed #1

In reply to Bas Poiesz | 08/27/19 09:32am

oh wait it's not chinese

You need to read the article more thoroughly. The vulnerabilities are traced back to a Realtek chip and SDK. Realtek is a Chinese company.

Agree: 1
Disagree
Informative
Unhelpful
Funny: 1

Bas Poiesz

In reply to Undisclosed #1 | 08/27/19 11:26am

I read the realtek involvement. My point was that Huawei is about to be under ban for, among other reasons, a national security threat.

It's ironic to me that a large player like Cisco has so many proven vulnerabilities and is not a national security threat.

Agree
Disagree
Informative
Unhelpful
Funny

John Honovich

IPVM | In reply to Undisclosed #1 | 08/27/19 11:26am

Realtek is a Chinese company

Realtek is from Taiwan, the RoC, not China, the PRC.

Agree: 1
Disagree
Informative: 2
Unhelpful
Funny

Bas Poiesz

In reply to John Honovich | 08/27/19 11:40am

I stand corrected. You are right, it's not PRC.

Still, with this many vulnerabilities it deserves some serious scrutiny don't you think?It's a broadly used and accepted brand, also in CCTV.

Or does it being a US company make it safe?

Agree
Disagree
Informative
Unhelpful: 1
Funny

Undisclosed #1

In reply to John Honovich | 08/27/19 11:46am

Realtek is headquartered in Taiwan, but their network chips and related software all seem to originate from a China facility.

Agree
Disagree
Informative: 1
Unhelpful
Funny

Jonathan Strauss

In reply to Bas Poiesz | 08/27/19 02:48pm

Most of these vulnerabilities look like they are coming via the Web UI which should be disabled to begin with.

Agree
Disagree
Informative
Unhelpful
Funny

Undisclosed #3

IPVMU Certified | In reply to Undisclosed #1 | 08/26/19 08:59pm

I assume it would require LAN access to exploit any of the vulnerabilities, particularly since switches are usually not setup for remote management individually.

that would have been my guess also, but...

This vulnerability affects Cisco Small Business 220 Series Smart Switches running firmware versions prior to 1.1.4.4 with the web management interface enabled. The web management interface is enabled via both HTTP and HTTPS by default.

Agree
Disagree
Informative
Unhelpful
Funny

Undisclosed Manufacturer #2

08/26/19 04:35pm

Two comments:

1. Interesting that the second largest category is Other. Is there a few brands that make up that number?

2. You should contact Kevin Coleman: https://www.linkedin.com/in/kgcoleman/. He's been pushing for over a decade that all the switches (eg Cisco made in FoxConn) have been coming over with some kind of malware. Kevin was one of the original founders of Netscape.

Agree
Disagree
Informative: 1
Unhelpful
Funny

Undisclosed #4

08/27/19 03:49pm

Agree: 1
Disagree
Informative
Unhelpful
Funny: 2
Read this IPVM report for free.

This article is part of IPVM's 7,275 reports and 969 tests and is only available to subscribers. To get a one-time preview of our work, enter your work email to access the full article.

Already a subscriber? Login here | Join now
Loading Related Reports