Security News > 2022 > January > KCodes NetUSB bug exposes millions of routers to RCE attacks
A high-severity remote code execution flaw tracked as CVE-2021-45388 has been discovered in the KCodes NetUSB kernel module, used by millions of router devices from various vendors.
NetUSB is a kernel module connectivity solution developed by KCodes, allowing remote devices in a network to interact with the USB devices directly plugged into a router.
The vulnerable NetUSB module has a sixteen-second timeout to receive a request, allowing more flexibility when exploiting a device.
"While these restrictions make it difficult to write an exploit for this vulnerability, we believe that it isn't impossible and so those with Wi-Fi routers may need to look for firmware updates for their router," SentinelOne warned in their report.
The router vendors that use vulnerable NetUSB modules are Netgear, TP-Link, Tenda, EDiMAX, Dlink, and Western Digital.
Because the vulnerability affects so many vendors, Sentinel One alerted KCodes first, on September 9, 2021, and provided a PoC script on October 4, 2021, to verify the patch released that day.
News URL
Related news
- PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-12 | CVE-2021-45388 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. | 0.0 |