New KCodes NetUSB Bug Affect Millions of Routers from Different Vendors

2022-01-11 04:15

Cybersecurity researchers have detailed a high severity flaw in KCodes NetUSB component that's integrated into millions of end-user router devices from Netgear, TP-Link, Tenda, EDiMAX, D-Link, and Western Digital, among others.

KCodes NetUSB is a Linux kernel module that enables devices on a local network to provide USB-based services over IP. Printers, external hard drives, and flash drives plugged into a Linux-based embedded system are made available via the network using the driver.

This is the latest in a string of NetUSB vulnerabilities that has been patched in recent years.

Then in June 2019, Cisco Talos divulged details of two weaknesses in NetUSB that could allow an attacker to inappropriately force select Netgear wireless routers into disclosing sensitive information and even giving the attacker the ability to remotely execute code.

Following responsible disclosure to KCodes on September 20, 2021, the Taiwanese company issued a patch to all vendors on November 19, after which Netgear released firmware updates containing fixes for the vulnerability.

SentinelOne has refrained from releasing a proof-of-concept code in light of the fact that other vendors are still in the process of shipping updates.

News URL

https://thehackernews.com/2022/01/new-kcodes-netusb-bug-affect-millions.html

#router #vendors