Security researchers have warned of a vulnerability that exposes millions of routers to remote code execution.
SentinelOne researcher Max Van Amerongen discovered the bug while experimenting with router code as part of the Pwn2Own ethical hacking competition. The flaw lies in NetUSB, a program written by software developer KCodes.
This program, which ships in millions of routers, allows remote computers to access devices on a local area network as though they were connected via USB. A typical use case would be connecting to a printer remotely.
The bug, CVE-2021-45608, is a buffer overflow vulnerability. NetUSB takes a value from the remote PC and then adds its own number, using the result to calculate what else is read from the remote PC. The program doesn't validate the initial value, making it possible to produce a larger result than intended.
An attacker could use this to write more data than the program expected into the kernel, potentially enabling them to send commands that could execute on the router.
There are some restrictions that make the bug difficult to exploit, including limits on the size of the code sent. Nevertheless, SentinelOne says that it's worth addressing.
RELATED RESOURCE
"While these restrictions make it difficult to write an exploit for this vulnerability, we believe that it isn’t impossible and so those with Wi-Fi routers may need to look for firmware updates for their router," it said.
Routers affected include those from most major manufacturers including Netgear, TP-Link, D-Link, and Western Digital. KCodes confirmed on December 19 that it had sent the patch to all vendors, and Netgear released an advisory the following day.
Router bugs are especially pernicious because they often affect home and small business users, targeting devices that people rarely remember to update. That means these devices can pave the way for malware infections that join the routers to botnets or change DNS settings, taking users to malicious sites. When bugs target programs used across many vendors, the target base can be huge.
2019 saw a massive UPnProxy vulnerability render millions of routers vulnerable to attack. More recently, Sky Broadband was found to have dragged its feet fixing a flaw that exposed its users' home networks to hackers.
-
Third time lucky? Microsoft finally begins roll-out of controversial Recall featureNews The Windows Recall feature has been plagued by setbacks and backlash from security professionals
-
The UK government wants quantum technology out of the lab and in the hands of enterprisesNews The UK government has unveiled plans to invest £121 million in quantum computing projects in an effort to drive real-world applications and adoption rates.
-
Hackers are targeting Ivanti VPN users again – here’s what you need to knowNews Ivanti has re-patched a security flaw in its Connect Secure VPN appliances that's been exploited by a China-linked espionage group since at least the middle of March.
-
Broadcom issues urgent alert over three VMware zero-daysNews The firm says it has information to suggest all three are being exploited in the wild
-
Nakivo backup flaw still present on some systems months after firms’ ‘silent patch’, researchers claimNews Over 200 vulnerable Nakivo backup instances have been identified months after the firm silently patched a security flaw.
-
Everything you need to know about the Microsoft Power Pages vulnerabilityNews A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild.
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
A critical Ivanti flaw is being exploited in the wild – here’s what you need to knowNews Cyber criminals are actively exploiting a critical RCE flaw affecting Ivanti Connect Secure appliances
-
Researchers claim an AMD security flaw could let hackers access encrypted dataNews Using only a $10 test rig, researchers were able to pull off the badRAM attack
-
A journey to cyber resiliencewhitepaper DORA: Ushering in a new era of cyber security
