A security researcher has found a total of eleven serious vulnerabilities in recent firmware versions for Netgear Nighthawk routers. Netgear has since released firmware updates. Among other things, the routers store usernames and passwords in plain text.
The flaws, found by researcher Jimi Sebree of security firm Tenable, are in the Nighthawk R6700v3 AC1750 with firmware version 1.0.4.120 and in the Nighthawk RAX43 with firmware version 1.0.3.96. The issues vary, but according to the researcher all of them range from high to critical in severity, and not all of them have been fixed by Netgear.
The most significant vulnerabilities have been registered as CVE-2021-45077 for the R6700v3 and CVE-2021-1771 for the RAX43. The routers store the usernames and passwords for the device and for its services in plain text on the router itself, and the admin password also sits in the clear in the router's main configuration file, Sebree writes on his blog.
There is also a risk that these usernames and passwords can be intercepted. On the R6700v3 this is because the router uses HTTP rather than HTTPS by default for all communication with the web interface. The SOAP interface on port 5000 likewise uses plain HTTP, so passwords and usernames can be captured from the network.
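To make the "HTTP by default" finding concrete, here is an added example written for this article (not Tenable's or Netgear's code). It runs a small passive parser over three constructed TCP payloads that stand in for what an observer on the LAN would see: a browser login to the web interface on port 80, a SOAP login to port 5000, and the same login had the interface been served over TLS. The SOAP endpoint path, the SOAPAction header and the NewUsername/NewPassword element names are assumptions about the API shape, chosen only to give the parser realistic input; none of it is taken from the advisory.

```python
"""Added example: recovering credentials from cleartext router traffic.

Three constructed TCP payloads (not real captures) illustrate why a
plain-HTTP admin interface and SOAP API leak credentials to anyone who
can see the traffic, while the same exchange over TLS leaks nothing.
"""
import base64
import re
from typing import Dict, List, Optional, Tuple

# (where the pair was found, username, password)
Credential = Tuple[str, str, str]

# Sample 1 (constructed): HTTP Basic auth to the web UI on port 80.
# The header value is base64("admin:password123").
WEBUI_REQUEST = (
    b"GET /start.htm HTTP/1.1\r\n"
    b"Host: 192.168.1.1\r\n"
    b"Authorization: Basic YWRtaW46cGFzc3dvcmQxMjM=\r\n"
    b"\r\n"
)

# Sample 2 (constructed): SOAP login to port 5000. The path, SOAPAction
# and the NewUsername/NewPassword elements are assumptions about the API
# shape, not details from the advisory.
SOAP_BODY = (
    b'<?xml version="1.0"?>'
    b'<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'
    b"<SOAP-ENV:Body><Authenticate>"
    b"<NewUsername>admin</NewUsername>"
    b"<NewPassword>password123</NewPassword>"
    b"</Authenticate></SOAP-ENV:Body></SOAP-ENV:Envelope>"
)
SOAP_REQUEST = (
    b"POST /soap/server_sa/ HTTP/1.1\r\n"
    b"Host: 192.168.1.1:5000\r\n"
    b'SOAPAction: "urn:NETGEAR-ROUTER:service:ParentalControl:1#Authenticate"\r\n'
    b"Content-Type: text/xml\r\n"
    b"Content-Length: " + str(len(SOAP_BODY)).encode() + b"\r\n\r\n" + SOAP_BODY
)

# Sample 3 (constructed, truncated): the first bytes of a TLS ClientHello.
# Had the interface used HTTPS, this is all a passive observer would get.
TLS_CLIENT_HELLO = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"


def _split_http(payload: bytes) -> Optional[Tuple[str, Dict[str, str], bytes]]:
    """Split an HTTP/1.x request into (request line, headers, body).

    Returns None when the payload does not look like an HTTP request.
    """
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("latin-1")
    if not re.match(r"^[A-Z]+ \S+ HTTP/1\.[01]$", request_line):
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.strip().lower()] = value.strip()
    return request_line, headers, body


def extract_credentials(payload: bytes) -> List[Credential]:
    """Return every credential pair readable in one cleartext TCP payload."""
    found: List[Credential] = []
    if payload[:1] == b"\x16":  # TLS record: nothing readable here
        return found
    parsed = _split_http(payload)
    if parsed is None:
        return found
    _, headers, body = parsed

    # Web UI: HTTP Basic auth is just base64, not encryption.
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        try:
            decoded = base64.b64decode(auth[6:], validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            decoded = ""
        user, sep, password = decoded.partition(":")
        if sep:
            found.append(("http-basic", user, password))

    # SOAP API: credentials travel as plain XML elements in the body.
    if b"Envelope" in body:
        user_m = re.search(rb"<NewUsername>([^<]*)</NewUsername>", body)
        pass_m = re.search(rb"<NewPassword>([^<]*)</NewPassword>", body)
        if user_m and pass_m:
            found.append(("soap-body", user_m.group(1).decode("utf-8"),
                          pass_m.group(1).decode("utf-8")))
    return found


if __name__ == "__main__":
    for label, payload in (("web UI :80", WEBUI_REQUEST),
                           ("SOAP :5000", SOAP_REQUEST),
                           ("TLS", TLS_CLIENT_HELLO)):
        print(label, extract_credentials(payload))
```

The TLS branch is the point of the comparison: the same login, once wrapped in TLS, gives the observer only the record header, which is why the "HTTP by default" findings are rated as a real exposure rather than a cosmetic one.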
SOAP interface
The router is also vulnerable to post-authentication command injection in the device's firmware update mechanism. The update check that can be triggered through the SOAP interface leaves the device open to takeover through pre-arranged (attacker-controlled) values. In addition, the UART console is insufficiently protected: anyone with physical access to the device can connect over the UART port and run commands as root without authenticating.
The router also uses hard-coded credentials for certain settings, so that the user cannot normally change some security-relevant settings. These credentials are obfuscated, but according to the researcher they are relatively easy to recover with publicly available tools, which lets anyone with access to the router change those settings. On top of that, the router ships with versions of the jQuery library and the minidlna media server that have known vulnerabilities, even though newer versions are available.
Netgear Nighthawk R6700
The issues in the R6700v3 have a CVSS score of 7.1 on a scale of 0 to 10. That counts as high, but not critical, mainly because an attacker needs access to the router to exploit the flaws. Exploiting the flaw in the SOAP interface, moreover, is only possible once the attacker is already logged in. The RAX43 vulnerabilities score 8.8 out of 10.
The RAX43 also uses HTTP by default, Sebree writes, and ships the same vulnerable jQuery library and the same vulnerable minidlna version. In addition, the RAX43 firmware has a vulnerability that stems from two bugs: a buffer overflow and a command injection. Chaining the two lets an attacker run commands remotely as root, without authentication.
Netgear Nighthawk RAX43
Sebree writes that Tenable notified Netgear of the vulnerabilities on 30 September. Although Netgear responded to the report in early October, it took a long time before anything was done about it. On 29 December Netgear published an advisory for the vulnerabilities online, and firmware updates for both routers are now available as well. On 30 December Sebree decided to disclose the vulnerabilities under Tenable's disclosure policy, even though Netgear had not yet pushed the firmware update out to users.
The Nighthawk R6700 is a widely used series of home routers. It is listed in the Pricewatch as the AC1750 Smart WiFi Router and has been available since 31 July 2019. The vulnerabilities are in the third revision of the router. The RAX43 has been available since 30 December 2020.