- Two serious vulnerabilities (CVE-2025-7850 and CVE-2025-7851) affect TP-Link Omada and Festa VPN routers.
- There is no evidence of active exploitation; TP-Link has released firmware and asks users to change their passwords.
- The US is considering restricting TP-Link sales on national security grounds; the company denies any links to China.
- Organizations in Spain and the EU should update, segment their networks and tighten access controls.
Professional routers from TP-Link's Omada and Festa VPN ranges are exposed to two high-severity vulnerabilities that could allow an attacker to take control of the device. The warning comes from a technical report by Forescout Research - Vedere Labs, which urges immediate application of the firmware updates already released by TP-Link.
The findings arrive at a tense political moment: several US federal agencies support a possible move by the Department of Commerce to restrict future sales of TP-Link products on national security grounds. The company, for its part, denies any operational links to China and maintains that its US subsidiaries are not subject to that country's intelligence directives.
What exactly was found

The first vulnerability, identified as CVE-2025-7850, allows operating system command injection due to insufficient sanitization of user input. It has a severity score of 9.3 and, in certain scenarios, can be exploited even without credentials.
The second flaw, CVE-2025-7851 (score 8.7), exposes residual debug functionality that allows root access over SSH. In effect, that hidden path could give full control of the router to an attacker who exploits it successfully.
According to Forescout, the vulnerabilities affect TP-Link Omada equipment and Festa VPN routers. These devices are common in SMEs, distributed offices and corporate network deployments. In Spain and the EU they are often used for remote access and site segmentation, so the potential impact extends to business networks and sensitive environments.
Actual risk: what is known and the patches currently available

The researchers indicate that there was no public evidence of active exploitation of these two flaws at the time of the report. However, TP-Link equipment has previously been targeted by large botnets, such as Quad7, and by China-linked groups that carried out password spraying attacks against Microsoft 365 accounts, among other campaigns.
Forescout and TP-Link recommend updating immediately to the firmware versions published to fix the flaws. After updating, TP-Link tells you to change your administrator passwords. In addition, it is advisable to apply mitigation measures to reduce the attack surface:
- Disable remote administrative access if it is not essential, and restrict it with access control lists (ACLs) or a VPN.
- Rotate SSH credentials and keys, and review the users authorized on the device.
- Separate management traffic into a dedicated VLAN and limit SSH to trusted IPs only.
- Monitor system logs and enable intrusion alerts at the perimeter.
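One way to combine the last two measures is to review forwarded router logs for SSH logins that come from outside the management network, and for root logins in general. This is an added example, not code from the article, Forescout or TP-Link; it assumes OpenSSH-style syslog lines, and the trusted network, host name and sample log lines are constructed.

```python
import ipaddress
import re

# Assumption: management hosts allowed to reach SSH on the router (constructed value).
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Assumption: OpenSSH-style syslog lines; adapt the pattern to the device's real format.
LOGIN_RE = re.compile(
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)

# Constructed sample log lines (documentation address ranges), not real device output.
SAMPLE_LOG = """\
Oct 28 09:12:01 er-gw sshd[812]: Accepted password for admin from 10.20.0.15 port 50122 ssh2
Oct 28 09:14:47 er-gw sshd[840]: Failed password for admin from 203.0.113.77 port 41822 ssh2
Oct 28 09:15:03 er-gw sshd[841]: Accepted password for root from 203.0.113.77 port 41830 ssh2
Oct 28 09:20:11 er-gw sshd[850]: Accepted publickey for root from 10.20.0.15 port 50190 ssh2
Oct 28 09:21:00 er-gw kernel: link eth0 up
"""

def is_trusted(ip_text):
    """True if the address belongs to one of the trusted management networks."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in TRUSTED_NETS)

def review_ssh_log(text):
    """Return (severity, reason, line) tuples for SSH events worth an alert."""
    findings = []
    for line in text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue  # not an SSH authentication event
        try:
            trusted = is_trusted(m["ip"])
        except ValueError:
            findings.append(("medium", "unparseable source address", line))
            continue
        accepted = m["result"] == "Accepted"
        if accepted and not trusted:
            findings.append(("high", "login accepted from untrusted source", line))
        elif accepted and m["user"] == "root":
            findings.append(("medium", "root login, confirm it was expected", line))
        elif not trusted:
            findings.append(("low", "failed attempt from untrusted source", line))
    return findings

if __name__ == "__main__":
    for severity, reason, line in review_ssh_log(SAMPLE_LOG):
        print(f"{severity:6} {reason}: {line}")
```

An accepted login from outside the allowlist means the SSH restriction is not in force, so it rates higher than failed attempts from the same source.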
In the European context, these actions align with the patch management and access control requirements found in frameworks such as NIS2, and with the best practices recommended by bodies such as INCIBE or CCN-CERT.
In addition, Forescout says that during its investigation it found further flaws while working with TP-Link's lab, some of them with potential for remote exploitation. Technical details have not yet been disclosed, but TP-Link is expected to release fixes for these issues during the first quarter of 2026.
Regulatory pressure in the US and its knock-on effects in Europe
Sources cited by US media say that an interagency process involving Justice, Homeland Security and Defense studied a plan this summer to block new TP-Link sales in the country. The concern centers on Beijing's potential legal influence and the possibility of malicious updates. TP-Link rejects these allegations and stresses that no US authority, nor the White House, has made a formal decision on the matter.
Although the debate is a domestic US one, its effects could be felt in Europe, from public procurement criteria and supply chain risk assessments to negotiation and support policies. For organizations with a transatlantic presence, it is advisable to maintain a watchful stance and a planned replacement policy in case it is needed.
What should organizations in Spain and the EU do?
Beyond applying patches and hardening access points, it is worth building a complete inventory of network assets (including routers and gateways), verifying firmware versions, and documenting temporary exceptions. SMEs with few resources should rely on an IT provider or MSP to verify secure configuration and segmentation.
- Review internet exposure with scans for open services.
- Keep a backup policy for router configuration and a rollback plan.
- Keep a change log and run controlled tests after each update.
With flaws already identified, patches available and the regulatory debate gaining traction, what matters is to fix, harden and monitor rather than to panic. Updating firmware, changing passwords, closing unnecessary access and watching for anomalous activity are steps that, if applied today, greatly reduce the risk for both advanced business networks and home networks.

