Please note that critical vulnerabilities have been identified in the switches based on RTL83xx chips, including Cisco Small Business 220, Zyxel GS1900-24, NETGEAR GS75x, ALLNET ALL-SG8208M and other no-name devices. These vulnerabilities allow an unauthenticated attacker to gain control of the switches.
The problems are caused by errors in the Realtek Managed Switch Controller SDK. Code from this SDK was used for the firmware.
Problems can also be in other devices based on RTL83xx chips, but it not confirmed by the manufacturers and not fixed yet:
- EnGenius EGS2110P, EWS1200-28TFP, EWS1200-28TFP;
- PLANET GS-4210-8P2S, GS-4210-24T2;
- DrayTek VigorSwitch P1100;
- CERIO CS-2424G-24P;
- Xhome DownLoop-G24M;
- Abaniact (INABA) AML2-PS16-17GP L2;
- Araknis Networks (SnapAV) AN-310-SW-16-POE;
- EDIMAX GS-5424PLC, GS-5424PLC;
- Open Mesh OMS24;
- Pakedgedevice SX-8P;
- TG-NET P3026M-24POE.
Please note that if you are a user of one of the these switches, we recommend that you to get more details and update the firmware.
Yours faithfully, Maxnet team