Skip to ContentSkip to Footer
IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
News

NetUSB flaw exposes millions of routers to remote code execution

The vulnerability impacts devices from Netgear, TP-Link, D-Link, and Western Digital

by: Danny Bradbury
11 Jan 2022
A router with two blue wires inserted

Getty Images

Security researchers have warned of a vulnerability that exposes millions of routers to remote code execution.

SentinelOne researcher Max Van Amerongen discovered the bug while experimenting with router code as part of the Pwn2Own ethical hacking competition. The flaw lies in NetUSB, a program written by software developer KCodes.

This program, which ships in millions of routers, allows remote computers to access devices on a local area network as though they were connected via USB. A typical use case would be connecting to a printer remotely.

The bug, CVE-2021-45608, is a buffer overflow vulnerability. NetUSB takes a value from the remote PC and then adds its own number, using the result to calculate what else is read from the remote PC. The program doesn't validate the initial value, making it possible to produce a larger result than intended.

An attacker could use this to write more data than the program expected into the kernel, potentially enabling them to send commands that could execute on the router.

There are some restrictions that make the bug difficult to exploit, including limits on the size of the code sent. Nevertheless, SentinelOne says that it's worth addressing.

Related Resource

Container network security guide for dummies

Enforcing Kubernetes best practices

For Dummies style cover with whitepaper title at the topFree download

"While these restrictions make it difficult to write an exploit for this vulnerability, we believe that it isn’t impossible and so those with Wi-Fi routers may need to look for firmware updates for their router," it said.

Routers affected include those from most major manufacturers including Netgear, TP-Link, D-Link, and Western Digital. KCodes confirmed on December 19 that it had sent the patch to all vendors, and Netgear released an advisory the following day.

Router bugs are especially pernicious because they often affect home and small business users, targeting devices that people rarely remember to update. That means these devices can pave the way for malware infections that join the routers to botnets or change DNS settings, taking users to malicious sites. When bugs target programs used across many vendors, the target base can be huge.

2019 saw a massive UPnProxy vulnerability render millions of routers vulnerable to attack. More recently, Sky Broadband was found to have dragged its feet fixing a flaw that exposed its users' home networks to hackers.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022
Skip to HeaderSkip to Content