Security News > 2022 > January > Millions of Routers Exposed to RCE by USB Kernel Bug

Millions of popular end-user routers are at risk of remote code execution due to a high-severity flaw in the KCodes NetUSB kernel module.

The module enables connection to USB devices over IP, enabling remote devices to interact with USB devices connected to a router as if they were directly plugged into your computer via USB. For example, the module enables users to access printers, speakers or webcams as though they were plugged directly into a computer via USB: access that's enabled by a computer driver that communicates with the router through the kernel module.

According to a Tuesday writeup from SentinelOne vulnerability researcher Max Van Amerongen, attackers could remotely exploit the vulnerability to execute code in the kernel.

D7800 with firmware version 1.0.1.68, as well as in its R6400v2 routers and R6700v3 routers.

In 2015, there was another kernel stack buffer overflow in KCodes NetUSB. That discovery led to a "Very helpful exploit" that helped to quickly verify the more recent vulnerability, Van Amerongen recounted.

"The number 0x11 is added to it and then used as a size value in kmalloc. Since this supplied size isn't validated, the addition of the 0x11 can result in an integer overflow. For example, a size of 0xffffffff would result in 0x10 after 0x11 has been added to it."

News URL

https://threatpost.com/millions-routers-exposed-bug-usb-module-kcodes-netusb/177506/