Security News > 2022 > January > KCodes NetUSB bug exposes millions of routers to RCE attacks
A high-severity remote code execution flaw tracked as CVE-2021-45388 has been discovered in the KCodes NetUSB kernel module, used by millions of router devices from various vendors.
NetUSB is a kernel module connectivity solution developed by KCodes, allowing remote devices in a network to interact with the USB devices directly plugged into a router.
The vulnerable NetUSB module has a sixteen-second timeout to receive a request, allowing more flexibility when exploiting a device.
"While these restrictions make it difficult to write an exploit for this vulnerability, we believe that it isn't impossible and so those with Wi-Fi routers may need to look for firmware updates for their router," SentinelOne warned in their report.
The router vendors that use vulnerable NetUSB modules are Netgear, TP-Link, Tenda, EDiMAX, Dlink, and Western Digital.
Because the vulnerability affects so many vendors, Sentinel One alerted KCodes first, on September 9, 2021, and provided a PoC script on October 4, 2021, to verify the patch released that day.
News URL
Related news
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- D-Link urges users to retire VPN routers impacted by unfixed RCE flaw (source)
- Japan warns of IO-Data zero-day router flaws exploited in attacks (source)
- OpenWrt orders router firmware updates after supply chain attack scare (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-12 | CVE-2021-45388 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. | 0.0 |