EEVblog Electronics Community Forum

Products => Computers => Security => Topic started by: madires on January 17, 2022, 10:07:05 am

Title: CVE-2021-45608 (NetUSB RCE flaw)
Post by: madires on January 17, 2022, 10:07:05 am
CVE-2021-45608 | NetUSB RCE Flaw in Millions of End User Routers (https://www.sentinelone.com/labs/cve-2021-45608-netusb-rce-flaw-in-millions-of-end-user-routers/)

In most cases it should be possible to add firewall rules to prevent access from the WAN (block TCP port 20005).
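
One way to check that such a rule is actually in effect, as an added example that is not part of the original posts: a small auditor that walks the filter INPUT chain of an `iptables-save` dump and reports whether a new TCP connection to port 20005 arriving on the WAN interface would be dropped. It assumes a Linux-based router using iptables, takes `eth0` as the WAN interface in the constructed sample, and models only a few common match options, flagging everything else for manual review.

```python
import shlex

def port_in(spec, port):
    """True if an iptables port spec ("20005" or "20000:20010") covers port."""
    lo, sep, hi = spec.partition(":")
    return int(lo or 0) <= port <= int(hi or (65535 if sep else lo))

def rule_verdict(tokens, wan_if, port):
    """Target if the rule matches a new TCP connection to port on wan_if, else None; "REVIEW" if undecidable."""
    it, target, matches, known = iter(tokens), None, True, True
    for opt in it:
        if opt == "-m":
            next(it)                      # module name; its own options follow
        elif opt == "-i":
            matches &= next(it) == wan_if
        elif opt == "-p":
            matches &= next(it) in ("tcp", "all")
        elif opt == "--dport":
            matches &= port_in(next(it), port)
        elif opt in ("--ctstate", "--state"):
            matches &= "NEW" in next(it).split(",")
        elif opt == "-j":
            target = next(it)
            break                         # anything after -j belongs to the target
        else:
            known = False                 # -s, negation, other matches: not modelled
    if "!" in tokens or (matches and not known):
        return "REVIEW"
    return target if matches else None

def wan_exposure(ruleset, wan_if, port=20005):  # 20005: port named in the post above
    """First-match walk of filter/INPUT; returns "blocked", "exposed" or "review"."""
    table, policy = None, "ACCEPT"
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":INPUT "):
            policy = line.split()[1]
        elif table == "filter" and line.startswith("-A INPUT "):
            verdict = rule_verdict(shlex.split(line)[2:], wan_if, port)
            if verdict in ("DROP", "REJECT", "ACCEPT"):
                return "exposed" if verdict == "ACCEPT" else "blocked"
            if verdict not in (None, "LOG"):
                return "review"           # custom chain or undecidable rule
    return "blocked" if policy == "DROP" else "exposed"

# Constructed iptables-save excerpts; eth0 is assumed to be the WAN interface.
OPEN = "*filter\n:INPUT ACCEPT [0:0]\n-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\nCOMMIT"
FIXED = OPEN.replace("COMMIT", "-A INPUT -i eth0 -p tcp -m tcp --dport 20005 -j DROP\nCOMMIT")
```

On a real device the input would be the output of `iptables-save`; a "review" result means a rule was reached that this simplified model cannot decide.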
Title: Re: CVE-2021-45608 (NetUSB RCE flaw)
Post by: SiliconWizard on January 17, 2022, 06:05:13 pm
Looked at the code - as expected, mind-bogglingly careless. And it's basically down to "input validation" not handled appropriately, one of my pet peeves in software.