A vulnerability for mining and DDoS attacks was found in the routers. Threatened TP-Link, D-Link, Tenda

Get real time updates directly on you device, subscribe now.

Researchers at SentinelOne have discovered a critical vulnerability in the NetUSB kernel module, which is used by millions of routers and other network devices around the world. Attackers can use this vulnerability to remotely control connected devices, mine cryptocurrencies, or DDoS attacks. SentinelOne is currently unaware of any exploitation of this vulnerability, but the problem is exacerbated by the fact that router manufacturers are slow to release fixes.

NetUSB is a product developed by the Taiwanese company KCodes, which is designed to enable gadgets on the network to communicate with USB devices connected to the router. For example, this solution allows you to connect to a printer as if it were connected directly to a computer via a USB port. This requires the installation of an appropriate driver that communicates with the router through the NetUSB kernel module. It is widely used by many networking equipment manufacturers. First of all, these are Netgear, TP-Link, Tenda, EDiMAX, D-Link and Western Digital.

Vulnerable piece of code in the NetUSB kernel module

The vulnerability received the identifier CVE-2021-45608, was first reported on September 9, 2021, and in October KCodes released an update for NetUSB. According to experts from SentinelOne, the NetUSB module can interact with USB ports through an external interface, that is, outside the local network, which should not be. Thus, attackers can send commands to routers to control network devices.

Since this vulnerability is in a third-party component used by various router vendors, the only way to fix it is to update the router’s firmware. To date, only Netgear has released a new firmware with fixes.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.