Connect with us
puerto usb router peligro puerto usb router peligro

News

Watch out! A bug allows anyone to take control of your router

Published

on

The vulnerabilities in routers they are one of the most serious that can be found. Our network devices They are the door that opens our home to the Internet, and a failure in them can put all our devices and our data at risk. Now, millions of routers are affected by a vulnerability discovered in a module used by major manufacturers.

The discovered vulnerability is present in the kernel module called KCodes NetUSB. You have been assigned the code CVE-2021-45388, and has been rated as high risk, as it allows remote code execution on unpatched devices. The vulnerability has been found by researchers from SentinelOne, who have published all the information regarding the vulnerability.

The failure affects whether the router has a USB port

The failure affects a multitude of routers that include a USB port, which are the vast majority. Through those USB ports of the router, it is possible to connect devices such as printers, hard drives or pen drives. Although the speed is more limited, it is a convenient way to access devices from anywhere on the network.

To get all the juice out of those USB ports, manufacturers have a kernel module called NetUSB, developed by KCodes. This connectivity module allows network devices to access remotely to interact with the USB devices that we have connected to the router. However, there is a very dangerous vulnerability in your code.

netusb hack

Specifically, it appears that the kernel module which does not validate the size value of the kernel memory allocations, resulting in an integer overflow. This overflow allows an attacker to remotely insert code to carry out malicious activities on our network.

The attack, however, has some limitations in how to exploit it. Despite this, the module has an expiration time of 16 seconds, giving more flexibility when exploiting a router. Exploiting vulnerability is difficult, but not impossible, hence SentinelOne recommends all affected manufacturers to update their routers immediately.

Manufacturers of affected routers

Specifically, among the affected manufacturers we find Netgear, TP-Link, Tenda, EDiMAX, and DLink, in addition to a Western digital, whose network hard drives also use these network modules. Researchers have not detailed the affected models, but if they have USB ports, they are most likely affected.

SentinelOne contacted KCodes on September 9, and they sent them a code that demonstrated the vulnerability on October 4 to verify the patch released that same day. The rest of the manufacturers were contacted in November, and the first patches They started arriving in December. Netgear released a patch for the D7800, R6400v2 and R6700v3 devices, where, as a workaround, they have changed a feature that prevents permissionless writing outside the limits set by the router.

The rest of the manufacturers have not reported having patched vulnerabilities, so it will probably take a little longer to do so. SentinelOne has found no evidence that attackers are currently exploiting the vulnerability, but now that it is public, they could begin exploiting it soon.

Click to comment

Leave a Reply

Your email address will not be published.

News

Mini PC for those who want to stand out. Chatreey AMR5 offers an unusual design and mode switch

Published

on

Mini PC for those who want to stand out Chatreey

On Aliexpress, an unusual type of mini-PC with a fairly powerful processor appeared on sale. The Chatreey AMR5 model is based on the Ryzen 5 5600U, which offers six cores and a Vega 7 GPU.

Mini PC for those who want to stand out.  Chatreey AMR5 offers an unusual design and mode switch

The barebone kit is priced at $415, but you can also buy a PC preloaded with 8GB to 64GB of RAM and a 512GB to 2TB SSD. The top version will cost about $1,150.

The novelty stands out, of course, primarily for its design. Moreover, this very design is still associated with one of the functions of the PC. The ring at the top serves as a mode switch. It appears to toggle Windows power modes: Silent, Balance, and Performance Mode.

Mini PC for those who want to stand out.  Chatreey AMR5 offers an unusual design and mode switch

You can also note support for Wi-Fi 6, backlight, HDMI, DisplayPort, USB-C, USB 3.0 (x4), RJ45 ports and dimensions of 156 x 133 x 71.8 mm.

Continue Reading

Tablets

Brand new tablet for only $60. Updated Amazon Fire 7 unveiled

Published

on

1652907100 Brand new tablet for only 60 Updated Amazon Fire 7

Amazon has quietly updated its budget Fire 7 tablets. To be more precise, the Fire 7 and Fire 7 Kids have been updated.

Brand new tablet for only $60.  Updated Amazon Fire 7 unveiled

There are no cardinal changes – these are all the same ultra-affordable devices with the appropriate parameters. Since technically the novelties are almost identical, we will talk about them as a single product.

So, the tablet still has a seven-inch screen with a resolution of only 1024 x 600 pixels. This is a very low resolution for 2022, but the price of the tablet is only $60 ($110 for the Kids version).

Brand new tablet for only $60.  Updated Amazon Fire 7 unveiled

It is based on an unnamed 2 GHz quad-core processor, which is 30% faster than the solution in the previous generation of the tablet. RAM has doubled, but it’s only 2 GB. Flash memory is available 16 or 32 GB, since there is a slot for microSD. Also autonomy increased by 40%, and now Amazon promises up to 10 hours of work. From the rest, we can note the appeared USB-C port, a 2 megapixel camera and three colors.

Continue Reading

Headphones

Apple AirPods Pro ruptured a 12-year-old boy’s eardrums, leaving him disabled. The company was sued

Published

on

Apple AirPods Pro ruptured a 12 year old boys eardrums leaving him

Apple is facing legal action over AirPods.

According to sources, the company was sued due to the fact that a 12-year-old child was injured due to the use of Apple headphones. One would think that the headphones exploded, as this sometimes happens, but in this case the reason is completely different.

Apple AirPods Pro ruptured a 12-year-old boy's eardrums, leaving him disabled.  The company was sued

The child was watching a movie on Netflix using an iPhone and AirPods Pro. At some point, the Amber Alert system (child abduction alert system) went off. Initially, the headphones worked at a low volume, but the sound of Amber Alert was so loud that it ruptured the child’s eardrums and damaged the cochlea. After the incident, the boy suffered from hearing loss, nausea, dizziness and tinnitus. He is now required to wear a hearing aid.

In fact, this happened back in 2020, but, as is often the case, the general public will learn about such incidents much later.

The lawsuit alleges that Apple is aware of “defective” AirPods that do not mute Amber Alerts. What’s more, Apple also didn’t include a warning about a potential issue that users might encounter.

The lawsuit against Apple seeks damages for the boy and his parents, who are under enormous emotional stress due to the situation. The lawsuit seeks “punitive damages in an amount that will punish defendants for their conduct and deter other technology companies from engaging in such misconduct in the future.”

Continue Reading

Most Popular