- Zowopsa ziwiri (CVE-2025-7850 ndi CVE-2025-7851) zimakhudza ma routers a TP-Link Omada ndi Festa VPN.
- Palibe umboni wogwiritsiridwa ntchito mwakhama; TP-Link yatulutsa firmware ndipo ikupempha ogwiritsa ntchito kusintha mawu awo achinsinsi.
- A US akuganiza zochepetsera malonda a TP-Link pazifukwa zachitetezo cha dziko; kampaniyo imakana maulalo aliwonse ku China.
- Mabungwe aku Spain ndi EU akuyenera kusintha, kugawa maukonde ndi kulimbikitsa njira zolowera.
Ma router akatswiri kuchokera Magulu a TP-Link a Omada ndi Festa VPN Iwo akumana ndi ziwopsezo ziwiri zowopsa kwambiri zomwe zitha kuloleza wowukira kuti azilamulira chipangizocho. Chenjezo limabwera mu lipoti laukadaulo lochokera ku Forescout Research - Vedere Labs, lomwe limalimbikitsa kugwiritsa ntchito nthawi yomweyo kukonza kofunikira. zosintha za firmware zatulutsidwa kale ndi TP-Link.
Izi zikubwera panthawi yazandale: mabungwe angapo aku US amathandizira kuti dipatimenti yazamalonda isinthe kuletsa kugulitsa kwamtsogolo kwa zinthu za TP-Link pazifukwa zachitetezo cha dziko. Kampaniyo, kumbali yake, ikukana kulumikizana kulikonse ndi China ndipo imati mabungwe ake aku US ... Sali pansi pa malangizo anzeru kuchokera ku dziko la Asia.
Zomwe kwenikweni zapezeka
La kusatetezeka koyamba, yodziwika ngati CVE-2025-7850, Imalola jakisoni wa malamulo oyendetsera ntchito chifukwa chosakwanira kuyeretsa kwazomwe ogwiritsa ntchito.Ndi kuchuluka kwamphamvu kwa 9,3, muzochitika zina Ikhoza kugwiritsidwa ntchito ngakhale popanda zizindikiro..
El chigamulo chachiwiri, CVE-2025-7851 (chiwerengero 8,7), Imawulula magwiridwe antchito otsalira omwe amathandizira kupeza mizu kudzera pa SSHMwakuchita, njira yobisika imeneyo akhoza kupereka kulamulira kwathunthu kwa rauta kwa wowukira amene akugwiritsa ntchito bwino.
Malinga ndi Forescout, zofooka zimakhudza Zida za TP-Link Omada ndi ma router a Festa VPNZida izi ndizofala m'ma SME, maofesi ogawidwa, komanso kutumizidwa kwamakampani. Ku Spain ndi EU, amagwiritsidwa ntchito pafupipafupi kupezeka kwakutali ndi magawo amasambaChifukwa chake, zomwe zingakhudze zomwe zingatheke zimafikira ku ma network abizinesi ndi malo ovuta.
Zowopsa: zomwe zimadziwika komanso zigamba zomwe zilipo
Ofufuza akusonyeza zimenezo Palibe umboni wapagulu wogwiritsa ntchito masuku pamutu za zolakwika ziwiri izi panthawi ya lipoti. Komabe, zida za TP-Link zakhala zikuyang'aniridwa m'mbuyomu ndi mabotolo akuluakulu, monga Quad7, komanso magulu olumikizidwa ku China omwe adachitapo kanthu. anachita kuukira kupopera achinsinsi motsutsana ndi maakaunti a Microsoft 365, pakati pamakampeni ena.
Forescout ndi TP-Link amalimbikitsa kusinthira nthawi yomweyo kumitundu yosindikizidwa ya firmware kuti mukonze zolakwika.Pambuyo pakusintha, TP-Link imakulimbikitsani kuti musinthe mawu achinsinsi a woyang'anira. Kuphatikiza apo, ndikofunikira kugwiritsa ntchito njira zodzitetezera kuchepetsa kuukira pamwamba:
- Letsani mwayi wofikira kutali ku utsogoleri ngati sikofunikira ndi chepetsani ndi mindandanda yowongolera anthu (ACLs) kapena VPN.
- Sinthani zidziwitso ndi makiyi a SSHndi wunikanso ogwiritsa ntchito pa chipangizocho.
- Gawani magalimoto owongolera kukhala VLAN yodzipatulira ndi Malireni SSH ku ma IP odalirika okha.
- Kuyang'anira zipika zamakina ndi yambitsani zidziwitso zolowera pa perimeter.
Muzochitika za ku Ulaya, izi zimagwirizana ndi zofuna za kasamalidwe ka zigamba ndi kuwongolera kolowera zomwe zikuphatikizapo ndondomeko monga NIS2 ndi machitidwe abwino omwe amalimbikitsidwa ndi mabungwe monga INCIBE kapena CCN-CERT.
Ngakhale, pakufufuza kwake, Forescout akuti adapeza zolakwika zina polumikizana ndi ma laboratories a TP-Link.Ena omwe amatha kugwiritsidwa ntchito kutali. Zambiri zaukadaulo sizinaululidwe, koma TP-Link ikuyembekezeka kumasula zosintha pankhaniyi. mu kotala yoyamba ya 2026.
Kukakamiza kowongolera ku US ndi zotsatira zake ku Europe
Magwero omwe atchulidwa ndi atolankhani aku US akuti a mgwirizano, wokhudza chilungamo, chitetezo cha dziko ndi chitetezoChilimwechi, adaphunzira njira yochitira kuletsa kugulitsa kwatsopano kwa TP-Link mdziko munoZodetsa nkhawa zimayang'ana zomwe zingatheke zikoka zalamulo za Beijing ndi kuthekera kwa zosintha zoyipa. TP-Link ikukana kukayikira uku ndikugogomezera kuti palibe akuluakulu a US kapena White House omwe adapanga chisankho pankhaniyi.
Ngakhale mkanganowu umakhala wapanyumba ku US, Zotsatira zake zitha kumveka ku EuropeKuchokera ku mfundo zogulira anthu ndi kuwunika kwa ngozi zapagulu kupita ku homologation ndi mfundo zothandizira. Kwa mabungwe omwe ali ndi malo ozungulira nyanja ya Atlantic, Ndi m'pofunika kusunga a kukhala maso y ndondomeko yosinthidwa ngati kuli kofunikira.
Kodi mabungwe ku Spain ndi EU ayenera kuchita chiyani?
Kupatula kugwiritsa ntchito zigamba ndi kuumitsa malo olowera, ndikofunikira kuchita a mndandanda wathunthu wa katundu network (kuphatikiza ma routers ndi zipata), tsimikizirani mitundu ya firmware, ndikulemba zopatula kwakanthawi. M'ma SME omwe ali ndi zothandizira zochepa, dalirani zawo Wopereka IT kapena MSP kutsimikizira masinthidwe otetezedwa ndi magawo.
- Ndemanga za kuwonekera kwa intaneti ndi masikeni a ntchito zotseguka.
- Mfundo zosunga zobwezeretsera za kasinthidwe ka rauta ndi pulani yobwerera.
- Sinthani chipika ndi mayesero olamulidwa pambuyo pakusintha kulikonse.
Ndi zolakwika zomwe zazindikirika kale, zigamba zilipo, ndi mikangano yowongolera ikukulirakulira, Chofunika kwambiri ndi kuwongolera, kulimbikitsa, ndi kuyang'anira osati kuchita mantha.Kukonzanso firmware, kusintha mawu achinsinsi, kutseka mwayi wosafunikira, ndikuwunika zochitika zosasangalatsa ndi njira zomwe, zikagwiritsidwa ntchito lero, kuchepetsa kwambiri chiwopsezo pamabizinesi apamwamba komanso maukonde apanyumba.
Ndine wokonda zaukadaulo yemwe wasandutsa zokonda zake za "geek" kukhala ntchito. Ndakhala zaka zoposa 10 za moyo wanga ndikugwiritsa ntchito ukadaulo wotsogola komanso kusewera ndi mitundu yonse yamapulogalamu chifukwa cha chidwi chenicheni. Panopa ndaphunzira luso la pakompyuta komanso masewera a pakompyuta. Izi zili choncho chifukwa kwa zaka zoposa 5 ndakhala ndikulembera mawebusaiti osiyanasiyana pa teknoloji ndi masewera a pakompyuta, ndikupanga nkhani zomwe zimafuna kukupatsani zambiri zomwe mukufunikira m'chinenero chomwe chimamveka kwa aliyense.
Ngati muli ndi mafunso, chidziwitso changa chimachokera ku chilichonse chokhudzana ndi makina opangira Windows komanso Android pama foni am'manja. Ndipo kudzipereka kwanga ndi kwa inu, nthawi zonse ndimakhala wokonzeka kuthera mphindi zochepa ndikukuthandizani kuthetsa mafunso aliwonse omwe mungakhale nawo pa intaneti.