- May 4, 2019
- 801
As a number of my projects start, when I heard that Pwn2Own Mobile 2021 had been announced, I set about looking at one of the targets. Having not looked at the Netgear device when it appeared in the 2019 contest, I decided to give it a lookover.
While going through various paths through various binaries, I came across a kernel module called NetUSB. As it turned out, this module was listening on TCP port on the IP .200050.0.0.0
Provided there were no firewall rules in place to block it, that would mean it was listening on the WAN as well as the LAN. Who wouldn’t love a remote kernel bug?
NetUSB is a product developed by KCodes. It’s designed to allow remote devices in a network to interact with USB devices connected to a router. For example, you could interact with a printer as though it is plugged directly into your computer via USB. This requires a driver on your computer that communicates with the router through this kernel module.
It’s licensed to a large number of other vendors for use in their products, most notably:
- Netgear
- TP-Link
- Tenda
- EDiMAX
- DLink
- Western Digital
CVE-2021-45608 | NetUSB RCE Flaw in Millions of End User Routers
SentinelLabs has discovered a high severity flaw in NetUSB which could be remotely exploited to execute code in the kernel.
www.sentinelone.com