New KCodes NetUSB Bug Affect Millions of Routers from Different Vendors
Jan 11, 2022
Cybersecurity researchers have detailed a high severity flaw in KCodes NetUSB component that's integrated into millions of end-user router devices from Netgear, TP-Link, Tenda, EDiMAX, D-Link, and Western Digital, among others. KCodes NetUSB is a Linux kernel module that enables devices on a local network to provide USB-based services over IP. Printers, external hard drives, and flash drives plugged into a Linux-based embedded system (e.g., a router) are made available via the network using the driver. CVE-2021-45608 (CVSS score: 9.8), as the security flaw is tracked as, relates to a buffer overflow vulnerability that, if successfully exploited, can allow attackers to execute code remotely in the kernel and perform malicious activities of their choice, according to a report shared by SentinelOne with The Hacker News. This is the latest in a string of NetUSB vulnerabilities that has been patched in recent years. In May 2015, researchers from SEC Consult disclosed another