Critical Vulnerability Across 18+ Network Switch Vendors: Cisco, Netgear, More

By John Scanlan, Published Aug 26, 2019, 10:36am EDT

Cisco, Netgear and more than a dozen other brands, including small Asian ones, have been found to share the same critical vulnerability, discovered by prolific researcher bashis.

Most importantly, it shows supply chain risks with so many sharing the same fundamental software/hardware.

Inside, we report details on:

  • Vulnerability overview
  • Realtek response
  • Which manufacturers are affected
  • Why so many companies are vulnerable
  • Impact on the security industry
  • Supply chain risks

Those interested in cybersecurity within our industry should see our Cybersecurity Vulnerability Directory.

Executive *******

Realtek Switch Controller

******* ************* *** *** the **** ******* ********* - ***************** ****** ********** *******. This ******** **** ******** that **** ****** *** which **** ** *** various ****** **** **** to ****** **** *************.

*********************

***** ****** **** *** included ******* *** ****** of ***** ********.

***** *** ******* *************** in *** *** ********* stack ********* ***** *********** remote **** *********, *** in *** ***** ** concept, ****** ** **** to *** *** ****** admin ***** ****** ** credentials.

No *** **** *******

**** **** ***********, ** 5 ******, ******* ******* no ******** *** *** for ****, ********* ******'* ******:

*************, ** ** ***, since *** ******* ******** in ***** ****, ** weren’t **** ** ******* any ********* ******** **** Realtek ********* ***** ******.

Manufacturers ********

******** ** ************ *** ********* ****** manufacturers:

Switch Manufacturers Affected by Vulnerable SDK

**** * ******** ** each ************'* ******** *** impacted ***** ** ** based ** *** *** of *** ******** ******* chip. *** *******, *********, **** *** *** series, **** ***** ***** business ****, ** **********. By ********, *** ***** 300 ****** ******** **** is *** *** *** Cisco's ********** ********.

*** ************* ** *** limited ** *** ****** manufacturers *****. ****** **** us **** *** ************* has **** ****** ** 18 ******* *** ***** are ***** ******* ** unconfirmed, ** **** ** likely **** **** ***** are **** ***** *** SDK, *** *** *** discovered.

Surveillance ******** ********

*********** ******* ************ ***** *** ** the ******** *********, ***** and *******, *** *** choices *** ***** ************ network ********.

Updated ****** ********

********* **** ******** ********* should ****** ********, ** it ** *********. *****, Netgear, *** ***** ************* have ******* ******** ****** the *************. ***** *** links ** *** ******* firmware *** *** *** largest *************:

***** *** **** ********:*****-**,*****-***,*****-**,*****-***,*****-**,*****-***,*****-**,*****-****,*****-**,*****-***,**-***-**

******* ****** ********:****** ******* **** ******,*********,**********,*********,********,*********,**********,*********,********

Supply ***** *****

**** **** ****** *** published ***** **** ** least * ***** ************* without ******* ********, ********* to ****.

*** **** ** *** vulnerability ******* * *********** risk, *** **** **** it *** ** ****** distributed *** ** **** to *** *** ******* brands ** *** **, underscores *** ********** *** dangers ** ********* ******** devices ** *** ***** code ******* ** **** hardware **********.

Comments (12)

** ***** * *** ranking *** ****?

* ****** ** ***** require *** ****** ** exploit *** ** *** vulnerabilities, ************ ***** ******** are ******* *** ***** for ****** ********** ************.

************* * *** ***** more **** *** ********** devices ** *** ******** as ** *****...

***** ******* *.* ** the **** ********

***** ***** ******** *** Series ***** ******** ****** Code ********* ***************

*.* *** *** ******

***** ***** ******** *** Series ***** ******** ************** Bypass *************

*** *.* *** *** third

***** ***** ******** *** Series ***** ******** ******* Injection *************

**** ***** ******* ** proven *************** ** ***** fit ** *** ***** items **** ********** ********, oh **** **'* *** chinese.

** **** **'* *** chinese

*** **** ** **** the ******* **** **********. The *************** *** ****** back ** * ******* chip *** ***. ******* is * ******* *******.

* **** *** ******* involvement. ** ***** *** that ****** ** ***** to ** ***** *** for, ***** ***** *******, a ******** ******** ******.

**'* ****** ** ** that * ***** ****** like ***** *** ** many ****** *************** *** is *** * ******** security ******.

******* ** * ******* company

******* ** **** ******, *** ***, *** China, *** ***.

* ***** *********. *** are *****, **'* *** PRC.

*****, **** **** **** vulnerabilities ** ******** **** serious ******** ***'* *** think?It's * ******* **** and ******** *****, **** in ****.

** **** ** ***** a ** ******* **** it ****?

******* ** ************* ** Taiwan, *** ***** ******* chips *** ******* ******** all **** ** ********* from * ***** ********.

**** ** ***** *************** look **** **** *** coming *** *** *** UI ***** ****** ** disabled ** ***** ****.

* ****** ** ***** require *** ****** ** exploit *** ** *** vulnerabilities, ************ ***** ******** are ******* *** ***** for ****** ********** ************.

**** ***** **** **** my ***** ****, ***...

**** ************* ******* ***** Small ******** *** ****** Smart ******** ******* ******** versions ***** ** *.*.*.* with *** *** ********** interface *******.The *** ********** ********* ** ******* *** **** **** *** ***** ** *******.

*** ********:

*. *********** **** *** second ******* ******** ** Other. ** ***** * few ****** **** **** up **** ******?

*. *** ****** ******* Kevin *******:*****://***.********.***/**/*********/.**'* **** ******* *** over * ****** **** all *** ******** (** Cisco **** ** *******) have **** ****** **** with **** **** ** malware. ***** *** *** of *** ******** ******** of ********.

Read this IPVM report for free.

This article is part of IPVM's 6,805 reports, 913 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now
Loading Related Reports