Popular consumer routers, such as those from Netgear, are vulnerable to Remote Code Execution (RCE) due to a flaw in the KCodes NetUSB kernel module. This module is used to remotely connect to USB devices connected to the router. This allows you to use these USB devices as if they were directly connected to your computer.
The error is in the kernel. This includes the main code of the module and is launched first, for example. In this way, it bypasses the security layers that lie above it. Malicious parties could take over the device via a so-called buffer overflow.
In simple terms, malicious parties can force unexpected behaviour in the USB module. This allows code to be executed that would normally be preceded by authentication. Think, for example, of opening a door without checking whether you have entered the correct access code. In this way, the crooks gain access to the USB device and the network.
Leak marked as critical
Max van Amerongen of security company Sentinel One discovered the leak. He indicates that exploiting this vulnerability is very difficult. But for malicious people with time, money and knowledge it is certainly not impossible. The vulnerability can be found in millions of popular routers, such as those from Netgear and TP-Link, leaving the possibility of a hacker group investing time and effort in the vulnerability. For this reason, the leak is still marked as critical.
Users are advised to install firmware updates for their routers this month as they become available.
Catch up on more articles here
Follow us on Twitter here