Security News > 2022 > January > KCodes NetUSB bug exposes millions of routers to RCE attacks
A high-severity remote code execution flaw tracked as CVE-2021-45388 has been discovered in the KCodes NetUSB kernel module, used by millions of router devices from various vendors.
NetUSB is a kernel module connectivity solution developed by KCodes, allowing remote devices in a network to interact with the USB devices directly plugged into a router.
The vulnerable NetUSB module has a sixteen-second timeout to receive a request, allowing more flexibility when exploiting a device.
"While these restrictions make it difficult to write an exploit for this vulnerability, we believe that it isn't impossible and so those with Wi-Fi routers may need to look for firmware updates for their router," SentinelOne warned in their report.
The router vendors that use vulnerable NetUSB modules are Netgear, TP-Link, Tenda, EDiMAX, Dlink, and Western Digital.
Because the vulnerability affects so many vendors, Sentinel One alerted KCodes first, on September 9, 2021, and provided a PoC script on October 4, 2021, to verify the patch released that day.
News URL
Related news
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-12 | CVE-2021-45388 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. | 0.0 |