On Tuesday, SentinelOne published an analysis of a new high-impact vulnerability that allows for remote code execution. The bug, which is tracked as CVE-2021-45388, has impacted millions of end-user router devices. The bug has been classified as critical by security researchers at SentinelOne, and impacts the KCodes NetUSB kernel module. KCodes solutions are licensed by several hardware vendors to provide USB over IP functionality. The tool is often found in products such as printers, flash storage devices, routers, and more.
KCodes NetUSB is proprietary software that is used to facilitate connections. Since the software is widely used by network device vendors, the security flaw affects millions of devices. Researcher Max Van Amerongen first discovered the bug when examining a Netgear device. According to Van Amerongen, the kernel module did not properly validate the size of packets fetched via remote connections. This also allowed for a potential heap buffer overflow. A malicious payload that triggers the vulnerability would be difficult to write; however, an exploit could result in the remote execution of code in the kernel.
Read More: KCodes NetUSB kernel remote code execution flaw impacts millions of devices