"KCodes NetUSB Kernel Remote Code Execution Flaw Impacts Millions of Devices"

Researchers at the cybersecurity firm SentinelOne have shared findings from their analysis of a flaw in the KCodes NetUSB kernel module that puts millions of end-user router devices from Netgear, TP-Link, Tenda, EDIMAX, D-Link, Western Digital, and more, at risk of Remote Code Execution (RCE). KCodes NetUSB is proprietary software that allows devices such as routers, printers, and flash storage devices to provide USB-based services over IP. The bug was discovered during the examination of a Netgear device by the SentinelOne vulnerability researcher, Max Van Amerongen. The kernel module, NetUSB, was found improperly validating the size of packets fetched through remote connections, potentially resulting in a heap buffer overflow. This article continues to discuss the discovery, potential exploitation, severity, and disclosure of the KCodes NetUSB flaw. 

ZDNet reports "KCodes NetUSB Kernel Remote Code Execution Flaw Impacts Millions of Devices"