
Researchers Uncover NetUSB RCE Flaw Affecting Millions of Routers

SentinelLabs researchers exposed a vulnerability in the KCodes NetUSB component that allows a remote hacker to execute code and compromise millions of home routers.


Security experts from SentinelLabs uncovered a high-severity vulnerability in the KCodes NetUSB component used in the manufacturing of Wi-Fi routers from EDiMAX, Netgear, TP-Link, Tenda, D-Link, and Western Digital. NetUSB is a product developed by KCodes. It is designed to allow remote devices in a network to interact with USB devices connected to a router. The vulnerability, tracked as CVE-2021-45608, is a buffer overflow flaw that could enable hackers to execute malicious code remotely in the kernel and compromise the device, affecting millions of routers globally.


“While going through various paths through various binaries, we came across a kernel module called NetUSB. As it turned out, this module was listening on TCP port 20005 on IP 0.0.0.0. Provided there were no firewall rules in place to block it, that would mean it was listening on the WAN as well as the LAN. Who wouldn’t love a remote kernel bug,” the researchers said.

Mitigation

Given the flaw’s severity, millions of users who are using the vulnerable devices are exposed to hacker intrusions. The researchers stated they had reported the vulnerability to the manufacturers. The only way to fix this vulnerability is by updating the router to the latest available firmware.
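Until a firmware update is installed, the exposure the researchers describe (a listener on TCP port 20005 bound to 0.0.0.0) can be audited on a Linux-based device where shell access is available. The following is an added example, not code from the article or from SentinelLabs: it parses text in `/proc/net/tcp` layout and reports LISTEN sockets on that port together with their bind scope. The sample table, the function names and the little-endian default are assumptions.

```python
import ipaddress

NETUSB_PORT = 20005   # port the researchers report NetUSB listening on
TCP_LISTEN = "0A"     # /proc/net/tcp state code for LISTEN

# Constructed sample in /proc/net/tcp layout (not captured from a real device).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
   0: 00000000:4E25 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 1201
   1: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 1188
   2: 0101A8C0:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 1190
   3: 0101A8C0:4E25 6401A8C0:C350 01 00000000:00000000 00:00000000 00000000 0 0 1207
"""

def decode_addr(field, byteorder="little"):
    """Decode 'HEXIP:HEXPORT'. The IP is dumped in host byte order, so pass
    byteorder='big' when the table comes from a big-endian router CPU."""
    hex_ip, hex_port = field.split(":")
    raw = bytes.fromhex(hex_ip)
    if byteorder == "little":
        raw = raw[::-1]
    return ipaddress.IPv4Address(raw), int(hex_port, 16)

def find_netusb_listeners(proc_net_tcp, port=NETUSB_PORT, byteorder="little"):
    """Return (ip, port, scope) for every IPv4 LISTEN socket on `port`."""
    findings = []
    for line in proc_net_tcp.splitlines()[1:]:       # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue                                 # not a listening socket
        ip, lport = decode_addr(fields[1], byteorder)
        if lport != port:
            continue
        if ip.is_unspecified:
            scope = "all-interfaces"                 # 0.0.0.0: LAN and, unless firewalled, WAN
        elif ip.is_loopback:
            scope = "loopback-only"
        else:
            scope = "single-address"
        findings.append((str(ip), lport, scope))
    return findings

if __name__ == "__main__":
    for ip, port, scope in find_netusb_listeners(SAMPLE_PROC_NET_TCP):
        print(f"LISTEN {ip}:{port} scope={scope}")
```

An "all-interfaces" result only shows how the socket is bound; whether the port is reachable from the WAN still depends on the device's firewall rules, as the researchers note.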


“This vulnerability affects millions of devices worldwide and may be completely remotely accessible in some instances. Due to the large number of vendors that are affected by the vulnerability, we reported this vulnerability directly to KCodes to be distributed among their licensees instead of targeting just the TP-Link or the Netgear device in the contest. This ensures that all vendors receive the patch instead of just one during the contest,” the researchers added.

Routers – Hackers’ Favorite Target

With most employees working remotely, cybercriminals increased their hacking attempts targeting vulnerable commercial IoT devices like Wi-Fi routers. Recently, a security research report from Eclypsium revealed that over 300,000 IP addresses related to MikroTik devices were exposed to remotely exploitable security vulnerabilities. The flaws in MikroTik devices could expose users and enterprises to various security risks. They can give hackers remote access to exploit and penetrate the network.