Home
 » ISP News » 
Sponsored

Security Flaw in NetUSB Hits Millions of Broadband and WiFi Routers

Wednesday, January 12th, 2022 (3:45 am) - Score 4,632
security of broadband isp routers

Security firm SentinelLabs has revealed a serious new vulnerability in KCodes NetUSB kernel module, which could enable hackers to remotely hijack various routers. Sadly, the flaw appears to affect millions of end user broadband and WiFi routers from major brands (e.g. NETGEAR, Edimax, D-Link, Tenda, TP-Link and Western Digital).

The NetUSB module itself, which is licensed for use by KCodes in devices from all of the aforementioned vendors, is simply designed to allow remote devices in a network to interact with USB devices connected to a router. A fairly common requirement on any router with a USB port.

However, the researchers noted that the module was listening on TCP port 20005 on the IP 0.0.0.0 (i.e. both LAN and WAN with no password or other authentication required), provided there were no firewall rules in place to block it. Suffice to say, they were then able to craft a remote attack (memory-buffer overflow) that enabled them to execute code in the kernel (i.e. this tends to result in a hijacked router).

The vulnerability (CVE-2021-45608) has been confirmed to work against several of NETGEAR‘s routers, including the D7800, R6400v2 and R6700v3. But since NetUSB is so widely adopted, then it’s likely to affect other vendors. However, D-Link notes that it stopped using this module in 2015 after a different vulnerability was discovered, although that flaw also helped to inform the new research.

SentinelLabs said they began the disclosure process on the 9th of September 2021 and the patch was sent to vendors via KCodes on the 4th of October 2021. But at the time of writing, some manufacturers do not yet appear to have released firmware patches for it, and we suspected that routers in the end-of-life category may never get one.

Max Van Amerongen of SentinelLabs said:

“This vulnerability affects millions of devices around the world and in some instances may be completely remotely accessible. Due to the large number of vendors that are affected by the vulnerability, we reported this vulnerability directly to KCodes to be distributed among their licensees instead of targeting just the TP-Link or the Netgear device in the contest. This ensures that all vendors receive the patch instead of just one during the contest.

While we are not going to release any exploits for it, there is a chance that one may become public in the future despite the rather significant complexity involved in developing one.”

So far, SentinelOne has not discovered any evidence of in-the-wild abuse and, as stated above, it is a bit of a tricky thing to exploit, but is still feasible for skilled attackers. Hopefully the other vendors complete their checks in a timely fashion and release any necessary firmware updates as soon as possible. Ideally, before somebody really does exploit it in the wild.

Share with Twitter
Share with Linkedin
Share with Facebook
Share with Reddit
Share with Pinterest
Tags: ,
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, , Facebook and Linkedin.
Leave a Comment
2 Responses
  1. spurple says:

    I stopped using filesharing on my router a while back because I realised the risk of putting my files directly on the machine that is exposed to the internet. Too kuch risk from both defects like this and honest configuration mistakes.

  2. Mark K says:

    I checked my router via ShieldsUP! service from Gibson Research Corporation. https://www.grc.com/x/portprobe=20005 – Mine was ok, no response from my Asus router. I know Asus was not listed but still worth checking.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Ultrafast ISPs
  • Gigaclear £17.00 (*47.00)
    Speed: 200Mbps, Unlimited
    Gift: None
  • Vodafone £23.00 (*26.00)
    Speed: 100Mbps, Unlimited
    Gift: None
  • Community Fibre £25.00 (*49.00)
    Speed: 920Mbps, Unlimited
    Gift: None
  • Hyperoptic £25.00 (*35.00)
    Speed: 150Mbps, Unlimited
    Gift: None
  • Virgin Media £26.00 (*44.00)
    Speed: 108Mbps, Unlimited
    Gift: None
Large Availability | View All
Cheapest Superfast ISPs
  • Vodafone £19.00 (*22.00)
    Speed 38Mbps, Unlimited
    Gift: None
  • NOW £20.00 (*32.00)
    Speed 36Mbps, Unlimited
    Gift: None
  • Hyperoptic £20.00 (*25.00)
    Speed 50Mbps, Unlimited
    Gift: None
  • Plusnet £21.95 (*38.20)
    Speed 36Mbps, Unlimited
    Gift: £70 Reward Card
  • EE £22.00 (*30.00)
    Speed 36Mbps, Unlimited
    Gift: None
Large Availability | View All
The Top 20 Category Tags
  1. FTTP (3767)
  2. BT (3075)
  3. Politics (2007)
  4. Building Digital UK (1962)
  5. FTTC (1903)
  6. Openreach (1889)
  7. Business (1737)
  8. Mobile Broadband (1525)
  9. Statistics (1447)
  10. FTTH (1367)
  11. 4G (1315)
  12. Virgin Media (1222)
  13. Wireless Internet (1192)
  14. Fibre Optic (1191)
  15. Ofcom Regulation (1182)
  16. Vodafone (881)
  17. EE (866)
  18. 5G (814)
  19. TalkTalk (795)
  20. Sky Broadband (766)
Promotion
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact