Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More

By John Scanlan, Published Aug 26, 2019, 10:36am EDT

Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered by prolific researcher bashis.

Most importantly, it shows supply chain risks with so many sharing the same fundamental software/hardware.

Inside, we report details on:

  • Vulnerability overview
  • Realtek response
  • Which manufacturers are affected
  • Why so many companies are vulnerable
  • Impact on the security industry
  • Supply chain risks

Those interested in cybersecurity within our industry should see our Cybersecurity Vulnerability Directory.

Executive *******

Realtek Switch Controller

******* ************* *** *** the **** ******* ********* - ***************** ****** ********** *******. This ******** **** ******** that **** ****** *** which **** ** *** various ****** **** **** to ****** **** *************.

*********************

***** ****** **** *** included ******* *** ****** of ***** ********.

***** *** ******* *************** in *** *** ********* stack ********* ***** *********** remote **** *********, *** in *** ***** ** concept, ****** ** **** to *** *** ****** admin ***** ****** ** credentials.

No *** **** *******

**** **** ***********, ** 5 ******, ******* ******* no ******** *** *** for ****, ********* ******'* ******:

*************, ** ** ***, since *** ******* ******** in ***** ****, ** weren’t **** ** ******* any ********* ******** **** Realtek ********* ***** ******.

Manufacturers ********

******** ** ************ *** ********* ****** manufacturers:

Switch Manufacturers Affected by Vulnerable SDK

**** * ******** ** each ************'* ******** *** impacted ***** ** ** based ** *** *** of *** ******** ******* chip. *** *******, *********, **** *** *** series, **** ***** ***** business ****, ** **********. By ********, *** ***** 300 ****** ******** **** is *** *** *** Cisco's ********** ********.

*** ************* ** *** limited ** *** ****** manufacturers *****. ****** **** us **** *** ************* has **** ****** ** 18 ******* *** ***** are ***** ******* ** unconfirmed, ** **** ** likely **** **** ***** are **** ***** *** SDK, *** *** *** discovered.

Surveillance ******** ********

*********** ******* ************ ***** *** ** the ******** *********, ***** and *******, *** *** choices *** ***** ************ network ********.

Updated ****** ********

********* **** ******** ********* should ****** ********, ** it ** *********. *****, Netgear, *** ***** ************* have ******* ******** ****** the *************. ***** *** links ** *** ******* firmware *** *** *** largest *************:

***** *** **** ********:*****-**,*****-***,*****-**,*****-***,*****-**,*****-***,*****-**,*****-****,*****-**,*****-***,**-***-**

******* ****** ********:****** ******* **** ******,*********,**********,*********,********,*********,**********,*********,********

Supply ***** *****

**** **** ****** *** published ***** **** ** least * ***** ************* without ******* ********, ********* to ****.

*** **** ** *** vulnerability ******* * *********** risk, *** **** **** it *** ** ****** distributed *** ** **** to *** *** ******* brands ** *** **, underscores *** ********** *** dangers ** ********* ******** devices ** *** ***** code ******* ** **** hardware **********.

Comments (12)

** ***** * *** ranking *** ****?

* ****** ** ***** require *** ****** ** exploit *** ** *** vulnerabilities, ************ ***** ******** are ******* *** ***** for ****** ********** ************.

Agree: 1
Disagree
Informative
Unhelpful
Funny

************* * *** ***** more **** *** ********** devices ** *** ******** as ** *****...

***** ******* *.* ** the **** ********

***** ***** ******** *** Series ***** ******** ****** Code ********* ***************

*.* *** *** ******

***** ***** ******** *** Series ***** ******** ************** Bypass *************

*** *.* *** *** third

***** ***** ******** *** Series ***** ******** ******* Injection *************

Agree
Disagree
Informative: 5
Unhelpful
Funny: 1

**** ***** ******* ** proven *************** ** ***** fit ** *** ***** items **** ********** ********, oh **** **'* *** chinese.

Agree
Disagree
Informative
Unhelpful: 1
Funny

** **** **'* *** chinese

*** **** ** **** the ******* **** **********. The *************** *** ****** back ** * ******* chip *** ***. ******* is * ******* *******.

Agree: 1
Disagree
Informative
Unhelpful
Funny: 1

* **** *** ******* involvement. ** ***** *** that ****** ** ***** to ** ***** *** for, ***** ***** *******, a ******** ******** ******.

**'* ****** ** ** that * ***** ****** like ***** *** ** many ****** *************** *** is *** * ******** security ******.

Agree
Disagree
Informative
Unhelpful
Funny

******* ** * ******* company

******* ** **** ******, *** ***, *** China, *** ***.

Agree: 1
Disagree
Informative: 2
Unhelpful
Funny

* ***** *********. *** are *****, **'* *** PRC.

*****, **** **** **** vulnerabilities ** ******** **** serious ******** ***'* *** think?It's * ******* **** and ******** *****, **** in ****.

** **** ** ***** a ** ******* **** it ****?

Agree
Disagree
Informative
Unhelpful: 1
Funny

******* ** ************* ** Taiwan, *** ***** ******* chips *** ******* ******** all **** ** ********* from * ***** ********.

Agree
Disagree
Informative: 1
Unhelpful
Funny

**** ** ***** *************** look **** **** *** coming *** *** *** UI ***** ****** ** disabled ** ***** ****.

Agree
Disagree
Informative
Unhelpful
Funny

* ****** ** ***** require *** ****** ** exploit *** ** *** vulnerabilities, ************ ***** ******** are ******* *** ***** for ****** ********** ************.

**** ***** **** **** my ***** ****, ***...

**** ************* ******* ***** Small ******** *** ****** Smart ******** ******* ******** versions ***** ** *.*.*.* with *** *** ********** interface *******.The *** ********** ********* ** ******* *** **** **** *** ***** ** *******.

Agree
Disagree
Informative
Unhelpful
Funny

*** ********:

*. *********** **** *** second ******* ******** ** Other. ** ***** * few ****** **** **** up **** ******?

*. *** ****** ******* Kevin *******:*****://***.********.***/**/*********/.**'* **** ******* *** over * ****** **** all *** ******** (** Cisco **** ** *******) have **** ****** **** with **** **** ** malware. ***** *** *** of *** ******** ******** of ********.

Agree
Disagree
Informative: 1
Unhelpful
Funny

Agree: 1
Disagree
Informative
Unhelpful
Funny: 2
Read this IPVM report for free.

This article is part of IPVM's 6,958 reports, 927 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports