In a report today, the security firm said that an attacker could craft malicious commands that they could send to internet-connected routers on port 20005. Incorrectly configured firmware exposes SOHO routersīut SentinelOne said today that while the library is useful for the features it provides, it was also misconfigured in a way that it listened for possible interactions with its USB ports not only from the internal network but also its external interface connected to the internet. The library was developed in the early 2010s and found a niche in high-end routers from companies such as Netgear, TP-Link, Tenda, EDiMAX, D-Link, and Western Digital.
Usb secure wifi home software#
Tracked as CVE-2021-45388, the vulnerability impacts multiple router vendors and has its origin in NetUSB, a library developed by software company KCodes.Īt a technical level, the NetUSB library allows devices on a local (internal) network, such as computers and smartphones, to interact with USB devices plugged into a router, such as printers, USB thumb drives, network-attached storage (NAS) systems, or streaming devices. USB-over-network components have been plagued over the past two years by an ever-increasing number of vulnerabilities, and in new research published today, researchers at SentinelOne said they discovered new issues in the USB-over-network component of home and office (SOHO) routers, devices that you would normally not expect to even have such support in the first place.
SOHO routers impacted by bug in USB-over-network component
0 kommentar(er)
