Saturday, July 13, 2024

New KCodes NetUSB Bug Affects Millions of Routers from Different Vendors

Cybersecurity researchers have detailed a high severity flaw in KCodes NetUSB component that’s integrated into millions of end-user router devices from Netgear, TP-Link, Tenda, EDiMAX, D-Link, and Western Digital, among others.

KCodes NetUSB is a Linux kernel module that enables devices on a local network to provide USB-based services over IP. Printers, external hard drives, and flash drives plugged into a Linux-based embedded system (e.g., a router) are made available via the network using the driver.

CVE-2021-45608 (CVSS score: 9.8), as the security flaw is tracked as, relates to a buffer overflow vulnerability that, if successfully exploited, can allow attackers to execute code remotely in the kernel and perform malicious activities of their choice, according to a report shared by SentinelOne with THN.

This is the latest in a string of NetUSB vulnerabilities that has been patched in recent years. In May 2015, researchers from SEC Consult disclosed another buffer overflow flaw (CVE-2015-3036) that could result in a denial-of-service (DoS) or code execution.

kcodes strings

Then in June 2019, Cisco Talos divulged details of two weaknesses in NetUSB (CVE-2019-5016 and CVE-2019-5017) that could allow an attacker to inappropriately force select Netgear wireless routers into disclosing sensitive information and even giving the attacker the ability to remotely execute code.

Following responsible disclosure to KCodes on September 20, 2021, the Taiwanese company issued a patch to all vendors on November 19, after which Netgear released firmware updates containing fixes for the vulnerability.

SentinelOne has refrained from releasing a proof-of-concept (PoC) code in light of the fact that other vendors are still in the process of shipping updates. But the cybersecurity firm cautioned the possibility of an exploit emerging in the wild despite the technical complexity involved, making it imperative that users apply the fixes to mitigate any potential risk.

Recommended:  UK publishes ‘comprehensive’ cyber security strategy

“Since this vulnerability is within a third-party component licensed to various router vendors, the only way to fix this is to update the firmware of your router, if an update is available,” researcher Max Van Amerongen said. “It is important to check that your router is not an end-of-life model as it is unlikely to receive an update for this vulnerability.”


We think you may enjoy reading,

Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates