IT Home January 14 news, according to foreign media threatpost reports, recently researchers from the security agency SentinelOne found that there is a serious remote code execution vulnerability (CVE-2021-45388) in the very commonly used NetUSB USB sharing component, involving manufacturers including Netgear Netgear, TP-Link, Tenda, EDiMAX, DLink, Western Digital, etc., all with USB Wireless routers, hard disk enclosures, etc. that interface and can access the network are risky.
The NetUSB component was developed by KCodes to enable the product to read devices such as USB flash drives, removable hard drives, and even printers. SentinelOne researcher Max Van Amerongen's article points out that hackers can send instructions through port 20005, and if the router's firmware has this vulnerability, then the hacker will be able to run code in the router kernel, thus achieving full control of the router.
Fortunately, the agency found no signs that the vulnerability was widely exploited. Van Amerongen discovered the bug while using netgear's R6700v3 router, and he was looking for a target for the Pwn2Own Hacking Contest. He said that after a number of steps, it was eventually discovered that the NetUSB module was exposed to TCP port 20005 with IP 0.0.0.0, which meant that the module was not protected by any firewall. In addition, the module is exposed to both WAN and LAN networks.
This is not the first time netUSB has been vulnerable. In 2015, there was a kernel stack buffer overflow error. The following is a partial resolution of the vulnerability:
▲ USB and router handshake process
▲ The instruction loop code after the handshake is completed
When the following command is touched, the vulnerable kernel module is triggered
IT House understands that as of press time, Netgear Netgear and TP-Link have confirmed the vulnerability and published a list of affected devices, as well as firmware updates.
TP-Link Vulnerability Report page: Click Open
Netgear Vulnerability Report page: Click Open