Millions of end-user routers from Tenda, Netgear, Western Digital, TP-Link, D-Link, and EDiMAX are affected by a high-severity buffer overflow vulnerability in the KCodes NetUSB component, a Linux kernel module that allows local network-connected devices to offer USB-based services, The Hacker News reports.
A SentinelOne report revealed that threat actors could exploit the flaw, tracked as CVE-2021-45068, to achieve remote code execution in the kernel and conduct further malicious activities, according to researchers.
KCodes issued a fix for the vulnerability in November after being notified by SentinelOne in September. Netgear has also released firmware updates addressing the bug.
"Since this vulnerability is within a third-party component licensed to various router vendors, the only way to fix this is to update the firmware of your router, if an update is available. It is important to check that your router is not an end-of-life model as it is unlikely to receive an update for this vulnerability," said researcher Max Van Amerongen.