A new vulnerability impacting millions of consumer routers has been discovered, and the nature of the vulnerability means you must take action.
The discovered vulnerability gives attackers from anywhere on the internet the ability to hack into your home (or office) router. From there, they can easily pivot into your home computer or other devices.
Luckily, most routers have firmware updates available, so make sure you update your router TODAY.
KCodes NetUSB Vulnerability
Like most vulnerability discoveries, this newest one comes with some good and bad news.
The good news is that the vulnerability is not in some weird custom software written by a router manufacturer that will never be fixed. The bad news is that the vulnerability is in a software library used by many different router manufacturers, which means there are lots of vulnerable devices.
It is in a piece of software called NetUSB, which was written by a company called KCodes. This software is licensed for use in the routers made by many popular router companies, including:
- Netgear
- TP-Link
- DLink
- Western Digital
- and many others
NetUSB
The NetUSB software is designed to let computers interact with USB devices that are plugged into the router work just like USB devices plugged directly into a computer. This is the software that lets you plug a printer into a router and use that printer easily on several different computers without complicated configuration.
Due to the way that this NetUSB service is implemented, it’s not only available from your network, it’s also available from outside your network on (port 20005). This means that anyone on the internet can find vulnerable routers.
Since this vulnerability currently impacts millions of routers and it is so easy for malicious actors to use a service like Shodan to scan for open ports online, your first step should be to update your router’s firmware immediately.
Go (like, NOW) to your router’s admin page (usually at 192.168.1.1 when you’re on your home WiFi network) and update your router’s firmware. It may take a few minutes, but it’s much better than having bad guys in your home (or office) network.
If you don’t know how to update your router’s firmware, contact me with your router information and I’ll try and help you figure it out.
The NetUSB service operates on Port 20005, so one easy way to see if you’re vulnerable is to check to see if that port is visible to the wider internet.
Curious if you’re vulnerable? Since this vulnerability is publicly accessible, you can easily find out if your current network is vulnerable using a free, reputable tool like Steve Gibson’s ShieldsUP scanner.
Am I Vulnerable?
ShieldsUP! is a free port scanner provided by Steve Gibson to help users secure their networks.
This utility has many different options. If you want to check for this current vulnerability, click below to open ShieldsUp! with the specific port (20005) preconfigured for scanning.
(Remember that you need to be on your home WiFi for this to work!)
The scan will take a few seconds. You can check your results under the “Status” column.
Green (”Stealth”) is best, blue (”Closed”) means that the port is visible (which means other people on the internet can see it), and red means that your port is responding to requests (this is bad).
