
Re: Vulnerable to NetUSB hack? AC2600 R7450 [CVE-2021-45608 NetUSB Remote Code Execution]

ecomike
Follower

Vulnerable to NetUSB hack? AC2600 R7450

SentinelOne published a report detailing a NetUSB vulnerability in KCodes' firmware software that allows hackers to take over a router from the WAN via port 20005.

https://www.sentinelone.com/labs/cve-2021-45608-netusb-rce-flaw-in-millions-of-end-user-routers/

 

Will NETGEAR be releasing update firmware to fix this bug?

 

How can I close port 20005?  (and please don't reply that it is essential for proper functioning... this port should never have been available over the Internet, and it has a stack overflow that opens the router to complete takeover.)

 

Message 1 of 3
FURRYe38
Guru

Re: Vulnerable to NetUSB hack? AC2600 R7450

So have you tested this on your router?

How do you know if yours is affected?

https://kb.netgear.com/000064437/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Multipl...

Message 2 of 3
HomeUserIA
Aspirant

Re: Vulnerable to NetUSB hack? AC2600 R7450 [CVE-2021-45608 NetUSB Remote Code Execution]

Test with GRC | ShieldsUP! — Single Port Probe from within your network.

 

R8500 firmware 1.0.2.156 (from December 2021) predates this vulnerability, and unfortunately seems to cause DHCP to sporadically fail - creating problems with pretty much every web site.

 

Echoing the query to @netgear - is there an update about to be released?

 

Model: R8500|Nighthawk X8 Tri-Band AC5300 WiFi Router
Message 3 of 3
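
A scriptable counterpart to the single-port check discussed in this thread, added here as an example (not code from any poster, NETGEAR or SentinelOne). The function names are hypothetical and the router address is whatever you pass on the command line. It reports the state of TCP 20005 as seen from the machine it runs on, so a run against the router's LAN address shows LAN-side exposure only.

```python
import socket
import sys

NETUSB_PORT = 20005  # TCP port named in this thread for NetUSB


def probe_tcp(host, port=NETUSB_PORT, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port (IPv4).

    open     - handshake completed, something is listening
    closed   - the host answered with a reset, nothing is listening
    filtered - no answer or unreachable (ShieldsUP reports silence as "stealth")
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.gaierror:
        raise  # unresolvable hostname is a usage error, not a port state
    except OSError:
        return "filtered"  # timeout, no route, ICMP unreachable
    finally:
        sock.close()


def advice(state):
    """Translate a probe result into the next step for a router owner."""
    if state == "open":
        return ("listening: check the NETGEAR advisory for fixed firmware "
                "for your model and repeat the check after updating")
    if state == "closed":
        return "reachable host, but nothing is accepting connections on this port"
    return "no response: blocked by a firewall or the host is unreachable"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python probe_netusb.py <router-address>")
    result = probe_tcp(sys.argv[1])
    print(f"{sys.argv[1]}:{NETUSB_PORT} is {result} - {advice(result)}")
```

To check what the Internet sees, the same probe has to originate outside your network and target your public address, which is what an external single-port probe service does.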