KCodes NetUSB vulnerability: millions of routers exposed to RCE attacks
Security researchers identified a high-impact vulnerability in software licensed to multiple router vendors. Affected devices are at risk of a remote code execution (RCE) attack.
The bug (CVE-2021-45388) was discovered by researchers at SentinelOne. Researchers claim the high-severity flaw exists in the KCodes NetUSB kernel module used by a large number of network device vendors.
According to the researchers, NetUSB is a product by KCodes, that allows remote devices in a network to interact with USB devices connected to a router.
“For example, you could interact with a printer as though it is plugged directly into your computer via USB. This requires a driver on your computer that communicates with the router through this kernel module,” writes Max Van Amerongen, the author of the report.
Vendors like Netgear, TP-Link, Tenda, EDiMAX, DLink, Western Digital, and others are among the users of the module.
Threat actors could use the CVE-2021-45388 to execute code in the kernel module that doesn’t validate the size of a kernel memory allocation call, causing an integer overflow.
While Amerongen claims that code restrictions make it rather difficult to exploit the vulnerability, it isn’t impossible, which means that users of affected devices should look for firmware updates.
SentinelOne disclosed their finding to KCodes in September, and Netgear issued a security advisory for remediation in late December.
“While we are not going to release any exploits for it, there is a chance that one may become public in the future despite the rather significant complexity involved in developing one,” claims the report.
More from CyberNews:
Subscribe to our newsletter