A few days ago, the discovery of a serious security vulnerability was announced in firewalls, virtual private network gateways and access point controllers made by Zyxel Communications Corp.
It is detailed that last month, security researchers from the Dutch cybersecurity firm Eye Control documented the case and mentioned that the vulnerability affects more than 100,000 devices manufactured by the company.
The vulnerability means that the devices have a hidden administrative-level backdoor that can give attackers root access to devices with SSH or a web administration panel.
Given the hidden username and password, attackers can gain access to networks that use Zyxel devices.
Eye Control researcher Niels Teusink says: "They could intercept traffic or create VPN accounts to gain access to the network behind the device."
The vulnerability is present in Zyxel's ATP, USG, USG Flex, VPN and NXC series devices.
While not a household name, Zyxel is a Taiwan-based company that makes networking devices used mainly by small and medium-sized businesses.
In fact, the company has a surprisingly notable list of firsts: it was the first company in the world to design an analog/digital ISDN modem, the first with an ADSL2+ gateway, and the first to offer a portable personal firewall the size of the palm of a hand, among other achievements.
However, this is not the first time a vulnerability has been found in Zyxel devices. A Fraunhofer Institute for Communication study in July named Zyxel, along with AsusTek Computer Inc., Netgear Inc., D-Link Corp., Linksys, TP-Link Technologies Co. Ltd. and AVM Computersysteme Vertriebs GmbH, as having security-level issues.
According to Zyxel company representatives, the backdoor was not the result of malicious activity by third-party attackers; it was a routine function used to download firmware updates automatically over FTP.
It should be noted that the predefined password was not encrypted, and the security researchers at Eye Control noticed it while examining text fragments found in the firmware image.
In the user database, the password was stored as a hash and the additional account was excluded from the user list, but one of the executable files contained the password in clear text. Zyxel was informed of the problem at the end of November and partially fixed it.
Zyxel's ATP (Advanced Threat Protection), USG (Unified Security Gateway), USG FLEX and VPN firewalls, as well as the NXC2500 and NXC5500 access point controllers, are affected.
Zyxel has addressed the vulnerability, officially designated CVE-2020-29583, in an advisory and has released a patch to fix the issue. In the notice, the company noted that the hidden user account "zyfwp" was designed to deliver automatic firmware updates to access points connected via FTP.
The problem in the firewalls was fixed in firmware update V4.60 Patch1 (it is claimed that the predefined password appeared only in firmware V4.60 Patch0, and that older firmware versions are not affected by the issue, but there are other vulnerabilities in older firmware through which devices can be attacked).
For access points, the fix will be included in the V6.10 Patch1 update scheduled for April 2021. All users of the affected devices are advised to update the firmware immediately or close access to the network ports at the firewall level.
The problem is aggravated by the fact that the VPN service and the web interface for managing the device accept connections by default on the same network port, 443, which is why many users leave 443 open to external requests and thus, in addition to the VPN endpoint, also leave open the ability to log in to the web interface.
According to preliminary estimates, more than 100 thousand devices containing the identified backdoor are reachable on the network for connection via network port 443.
Users of affected Zyxel devices are advised to install the appropriate firmware update for proper protection.
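The version rules above can be applied to a device inventory to decide what to patch first. The following is an added example, not code from Zyxel or Eye Control: the inventory rows and the firmware strings in them are constructed, and treating NXC firmware below V6.10 Patch1 and firewall firmware older than V4.60 Patch0 as "review" is an assumption based on the article's wording.

```python
import re

# Version rules come from the article; the inventory rows are constructed.
FIREWALL_SERIES = ("ATP", "USG", "VPN")          # "USG" also matches USG FLEX
NXC_MODELS = ("NXC2500", "NXC5500")
VERSION_RE = re.compile(r"V(\d+)\.(\d+)\s*Patch\s*(\d+)", re.IGNORECASE)

def parse_version(text):
    """Turn 'V4.60 Patch0' into a comparable tuple (4, 60, 0)."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    return tuple(int(g) for g in m.groups())

def triage(model, firmware, port_443_exposed):
    """Return (status, action) for one inventory row."""
    name, version = model.upper(), parse_version(firmware)
    if name.startswith(NXC_MODELS):
        # Assumption: anything below the announced fix release needs review.
        fixed, status = (6, 10, 1), "review"
    elif name.startswith(FIREWALL_SERIES):
        fixed = (4, 60, 1)
        # Only V4.60 Patch0 carries the hardcoded password; older builds
        # are flagged for review because of their other weaknesses.
        status = "affected" if version == (4, 60, 0) else "review"
    else:
        return ("out-of-scope", "none")
    if version >= fixed:
        return ("fixed", "none")
    action = "install V%d.%d Patch%d" % fixed
    if port_443_exposed:
        # VPN and web admin share 443, so an open VPN port exposes the login.
        action += "; restrict external access to port 443"
    return (status, action)

SAMPLE_INVENTORY = [  # constructed rows: model, firmware, 443 open to internet
    ("ATP200", "V4.60 Patch0", True),
    ("USG FLEX 100", "V4.60 Patch1", True),
    ("VPN50", "V4.35 Patch2", False),
    ("NXC2500", "V6.10 Patch0", True),
]

if __name__ == "__main__":
    for row in SAMPLE_INVENTORY:
        print(row[0], row[1], *triage(*row), sep=" | ")
```

Restricting port 443 also cuts off the VPN service that shares it, so that step is a stopgap until the firmware is updated.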
Source: https://www.eyecontrol.nl