KCodes NetUSB Bug Exposes Millions of Routers to RCE Attacks


A high-severity remote code execution flaw tracked as CVE-2021-45388 has been discovered in the KCodes NetUSB kernel module, used by millions of router devices from various vendors.

Successfully exploiting this flaw would allow a remote threat actor to execute code in the kernel, and although some restrictions apply, the impact is broad and could be severe.

The vulnerability discovery comes from researchers at SentinelLabs who shared their technical report with Bleeping Computer before publication.


What is NetUSB and how it’s targeted

Some router manufacturers include USB ports on devices, allowing users to share printers and USB drives on the network.

NetUSB is a kernel module connectivity solution developed by KCodes, allowing remote devices in a network to interact with the USB devices directly plugged into a router.

NetUSB operational diagram
Source: KCodes

SentinelOne discovered a vulnerable code segment in the kernel module that doesn’t validate the size value of a kernel memory allocation call, resulting in an integer overflow.

The ‘SoftwareBus_fillBuf’ function may then use this new region for a malicious out-of-bounds write with data from a network socket under the attacker’s control.

Some limitations may make it difficult to exploit the vulnerability, as described below.

  • The allocated object will always be in the kmalloc-32 slab of the kernel heap. As such, the structure must be less than 32 bytes in size to fit.
  • The size supplied is only used as a maximum receive size and not a strict amount.
  • The structure must be sprayable from a remote perspective.
  • The structure must have something that can be overwritten that makes it useful as a target (e.g. a Type-Length-Value structure or a pointer).

However, the vulnerable NetUSB module has a sixteen-second timeout to receive a request, allowing more flexibility when exploiting a device.


“While these restrictions make it difficult to write an exploit for this vulnerability, we believe that it isn’t impossible and so those with Wi-Fi routers may need to look for firmware updates for their router,” SentinelOne warned in their report.

Affected vendors and patching

The router vendors that use vulnerable NetUSB modules are Netgear, TP-Link, Tenda, EDiMAX, D-Link, and Western Digital.

It is unclear which models are affected by CVE-2021-45388, but it’s generally advisable to use actively supported products that receive regular security firmware updates.

Because the vulnerability affects so many vendors, SentinelOne alerted KCodes first, on September 9, 2021, and provided a PoC (proof of concept) script on October 4, 2021, to verify the patch released that day.

Vendors were contacted in November, and a firmware update was scheduled for December 20, 2021.

Netgear released a security update to patch CVE-2021-45388 on affected and supported products on December 14, 2021.

According to the security advisory published on December 20, 2021, the affected Netgear products are the following:

  • D7800 fixed in firmware version 1.0.1.68
  • R6400v2 fixed in firmware version 1.0.4.122
  • R6700v3 fixed in firmware version 1.0.4.122

The solution implemented by Netgear was to add a new size check to the ‘supplied size’ function, preventing the out-of-bounds write.

Fix applied by Netgear
Source: SentinelLabs
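
The bug class and the style of fix described above can be modeled in userspace C. This is an added example, not code from KCodes, Netgear or SentinelLabs; `HDR_LEN`, `MAX_SUPPLIED` and the function names are hypothetical, since the article does not give the module's real constants.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical values for illustration only. */
#define HDR_LEN      16u       /* assumed fixed overhead added to the supplied size */
#define MAX_SUPPLIED 0x10000u  /* assumed upper bound enforced by the checked path */

/* Unchecked: the 32-bit addition wraps modulo 2^32, so a huge
 * peer-supplied size produces a tiny allocation length. */
static uint32_t alloc_len_unchecked(uint32_t supplied) {
    return supplied + HDR_LEN;
}

/* Checked: refuse sizes above policy or that would wrap.
 * Returns 0 and writes *out on success, -1 on rejection. */
static int alloc_len_checked(uint32_t supplied, uint32_t *out) {
    if (supplied > MAX_SUPPLIED)
        return -1;
    if (supplied > UINT32_MAX - HDR_LEN)  /* defence in depth against wrap */
        return -1;
    *out = supplied + HDR_LEN;
    return 0;
}

/* 1 when the receive limit (the supplied size) is larger than the buffer
 * that was allocated, i.e. a later receive could write past it. */
static int recv_limit_exceeds_alloc(uint32_t supplied, uint32_t alloc_len) {
    return supplied > alloc_len;
}

int main(void) {
    uint32_t supplied = 0xFFFFFFFFu;  /* constructed sample size field */
    uint32_t len = alloc_len_unchecked(supplied);
    printf("unchecked: supplied=%u alloc=%u mismatch=%d\n",
           (unsigned)supplied, (unsigned)len,
           recv_limit_exceeds_alloc(supplied, len));

    uint32_t safe_len = 0;
    if (alloc_len_checked(supplied, &safe_len) != 0)
        printf("checked: supplied=%u rejected before allocation\n",
               (unsigned)supplied);
    return 0;
}
```

With these assumed constants the wrapped length is 15 bytes, small enough to land in a 32-byte slab, while the receive limit stays at the original 32-bit value.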

Bleeping Computer has contacted all affected vendors to request a comment on the timeline of releasing a firmware update, but we haven’t received a response yet.
