SentinelLabs researchers point out vulnerability affecting millions of routers
SentinelLabs announced on January 11th (US time) that CVE-2021-45608 | NetUSB RCE Flaw in Millions of End User Routers - SentinelOne affected millions of routers worldwide. I told you about the vulnerability it gives. Exploitation of this vulnerability could allow remote access to devices such as routers and the execution of code within the kernel.
SentinelLabs researchers explained that they found a vulnerability in the NetUSB kernel module developed by KCodes. This kernel module provides functionality for interacting with USB devices attached to devices such as routers. For example, if you have a printer connected to your router via USB, you can use NetUSB to make it appear as if the printer is a USB device directly connected to your host.
It should be noted that NetUSB is used in their products by many vendors such as Netgear, TP-Link, Tenda, EDiMAX, DLink and Western Digital. As a result, millions of devices around the world are said to have this vulnerability. SentinelLabs says it has no plans to release an exploit for this vulnerability, but it cannot rule out the possibility that a third party will release an exploit, and is urging all affected users to take action. Recommended.