KCodes NetUSB kernel remote code execution flaw impacts millions of devices

A high-impact vulnerability allowing remote code execution has impacted millions of end-user router devices.

On Tuesday, SentinelOne published an analysis of the bug, tracked as CVE-2021-45388 and deemed critical by the research team. 

The vulnerability impacts the KCodes NetUSB kernel module. KCodes solutions are licensed by numerous hardware vendors to provide USB over IP functionality in products including routers, printers, and flash storage devices. 

KCodes NetUSB, the subject of a SEC Consult Vulnerability Lab analysis in the past, is proprietary software used to facilitate these connections. According to SentinelOne, the software is currently “used by a large number of network device vendors,” and its security flaws “affect millions of end-user router devices.”

Researcher Max Van Amerongen discovered the bug while examining a Netgear device. The kernel module, NetUSB, did not properly validate the size of packets fetched via remote connections, allowing a potential heap buffer overflow.

According to Amerongen, although a malicious payload to trigger CVE-2021-45388 would be difficult to write due to coding constraints, an exploit could result in the remote execution of code in the kernel.
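The missing check described above, shown as a user-space C sketch of a receiver that validates a peer-supplied size before allocating and copying. This is an added example, not KCodes, Netgear or SentinelOne code; the message layout, the names `rx_message`, `HDR_LEN`, `META_LEN`, `MAX_BODY` and the limits are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* All values below are hypothetical, chosen for this example only. */
#define HDR_LEN   4u     /* 4-byte little-endian length prefix */
#define META_LEN  16u    /* receiver bookkeeping stored ahead of the payload */
#define MAX_BODY  4096u  /* largest payload the receiver will accept */

enum rx_status { RX_OK = 0, RX_SHORT = -1, RX_TOO_BIG = -2,
                 RX_TRUNCATED = -3, RX_NOMEM = -4 };

/* Parse one length-prefixed message from `wire` (bytes received from a peer).
 * On RX_OK, *out is a heap buffer holding META_LEN zeroed bytes followed by
 * the payload, and *out_len is the payload length. Caller frees *out. */
int rx_message(const uint8_t *wire, size_t wire_len,
               uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (wire_len < HDR_LEN)
        return RX_SHORT;

    /* The length field comes from the remote side: treat it as untrusted. */
    uint32_t claimed = (uint32_t)wire[0] | (uint32_t)wire[1] << 8 |
                       (uint32_t)wire[2] << 16 | (uint32_t)wire[3] << 24;

    /* Check 1: cap the size before any arithmetic is done with it, so the
     * allocation size META_LEN + claimed can never wrap around. */
    if (claimed > MAX_BODY)
        return RX_TOO_BIG;
    /* Check 2: the peer must actually have sent that many bytes. */
    if ((size_t)claimed > wire_len - HDR_LEN)
        return RX_TRUNCATED;

    uint8_t *buf = calloc(1, (size_t)META_LEN + claimed);
    if (buf == NULL)
        return RX_NOMEM;

    /* The copy length equals the validated size used for the allocation. */
    memcpy(buf + META_LEN, wire + HDR_LEN, claimed);
    *out = buf;
    *out_len = claimed;
    return RX_OK;
}
```

Rejecting the message before the allocation keeps the allocation size and the copy length derived from the same validated value.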

SentinelOne says that vendors including Netgear, TP-Link, D-Link, and Western Digital license the software, and all of them

Read More: https://www.zdnet.com/article/kcodes-netusb-kernel-remote-code-execution-flaw-impacts-millions-of-devices/#ftag=RSSbaffb68