A new router vulnerability has been made public related to end-user routers from Netgear, TP-Link, Tenda, EDiMAX, D-Link, Western Digital, and potentially many more. This vulnerability is a remote code execution meaning that the attackers can get your device to run code of their choosing allowing them to gain a foothold and open a door into your network.
If you use any of the routers?
If you use any of the routers listed in this router vulnerability, please check for firmware updates and install any updates. You should run the update multiple times until no further updates are available. Also, set a calendar reminder to check for firmware updates at least monthly. Many vendors have not yet released their firmware updates to address this as this is an emerging story with expected updates arriving over the next few weeks from many more vendors. You should set a reminder for updates regardless of your vendor/model just as a good practice.
So far, the list of potentially affected devices has not been compiled or released, and a proof-of-concept code has not been released. It’s going to be a race between vendors releasing patches and hackers figuring out the exploit code.
If your device is past the end of life, meaning that the vendor no longer provides support or updates for them, you will not have a way to patch this vulnerability other than to replace the device. You will need to check with your vendor to see if your model is still supported. Typically, a search for the vendor’s name along with ‘End of life’ will provide links. If you need assistance locating the information, please let me know.
More information
This is a vulnerability in a 3rd party library from Kcodes that many device manufacturers integrated into their router firmware. There is no good way to know all of the devices affected. It is known as the KCodes NetUSB kernel module. Searches for Kcodes vulnerability or NetUSB vulnerability will provide multiple articles. This is not the first vulnerability found in the NetUSB module, but it is the most recent.
Resources
https://threatpost.com/millions-routers-exposed-bug-usb-module-kcodes-netusb/177506/
https://thehackernews.com/2022/01/new-kcodes-netusb-bug-affect-millions.html
-Daniel