Thursday, January 23, 2025
HomeComputer SecurityMultiple Vulnerabilities with NETGEAR Wireless Routers Allows Attackers to Access Sensitive Information

Multiple Vulnerabilities with NETGEAR Wireless Routers Allows Attackers to Access Sensitive Information

Published on

SIEM as a Service

Follow Us on Google News

Researchers discovered multiple vulnerabilities with some NETGEAR wireless routers that allow an attacker to access sensitive information. The vulnerability exists in the KCodes’ NetUSB kernel module.

Only specific models of NETGEAR wireless routers use the kernel module from KCodes; the module shares USB devices over TCP, which allows clients to connect with various drivers and software.

According to Talos researcher, Dave McDaniel, “An attacker could send specific packets on the local network to exploit vulnerabilities in NetUSB, forcing the routers to disclose sensitive information and even giving the attacker the ability to remotely execute code.”

Remote Kernel Arbitrary Memory read Vulnerability (CVE-2019-5016)

The arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module; an unauthenticated attacker can trigger this vulnerability form a local network by sending a crafted packet with an invalid memory read that could result in denial of service or remote information disclosure.

Remote Kernel Information Disclosure Vulnerability (CVE-2019-5017)

An exploitable information disclosure vulnerability that resides with KCodes NetUSB.ko kernel module let an unauthenticated, remote attacker send a crafted packet with containing an opcode that will trigger the kernel module to return several addresses.

Cisco reached out to KCodes and NETGEAR regarding this vulnerability, and the update is scheduled to release.

Also, Cisco decided to release the details of our vulnerability after surpassing its 90-day deadline.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Related Read:

New Variant of Mirai Malware Using 13 Different Exploits to Hack Routers Including D-Link, Linksys, GPON, Netgear, Huawei

More than 25,000 Linksys Smart Wi-Fi Routers Leaking Sensitive Information to the Public Internet

Verizon Fios Router Vulnerabilities Allows Attackers to Gain Complete Control Over the Network

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...

New Cookie Sandwich Technique Allows Stealing of HttpOnly Cookies

The "Cookie Sandwich Attack" showcases a sophisticated way of exploiting inconsistencies in cookie parsing...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in...