PT-2021-5885 · NetGear+5 · Netgear R7000+9

Max Van Amerongen · Published 2021-09-09 · Updated 2022-04-29 · CVE-2021-45608

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

D-Link versions (affected versions not specified)
Edimax versions (affected versions not specified)
NETGEAR D7800 versions prior to 1.0.1.68
NETGEAR R6400v2 versions prior to 1.0.4.122
NETGEAR R6700v3 versions prior to 1.0.4.122
NETGEAR R6220 versions (affected versions not specified)
NETGEAR R7000 versions (affected versions not specified)
NETGEAR R7800 versions (affected versions not specified)
TP-Link versions (affected versions not specified)
Tenda versions (affected versions not specified)
Western Digital versions (affected versions not specified)

Description

The issue is an integer overflow that can be triggered by an unauthenticated attacker and may allow remote code execution from the WAN interface (TCP port 20005). The overflow is in the SoftwareBus dispatchNormalEPMsgOut function in the KCodes NetUSB kernel module. Exploitation is considered to be of significant complexity, but not impossible.

Recommendations

For NETGEAR D7800 versions prior to 1.0.1.68, update to version 1.0.1.68 or later.
For NETGEAR R6400v2 versions prior to 1.0.4.122, update to version 1.0.4.122 or later.
For NETGEAR R6700v3 versions prior to 1.0.4.122, update to version 1.0.4.122 or later.
For other affected devices, at the moment, there is no information about a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the WAN interface (TCP port 20005) to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Integer Overflow

Weakness Enumeration

Related Identifiers

BDU:2022-00400
CVE-2021-45608

Affected Products

D-Link
Edimax
Netgear R7800
Netgear R6220
Netgear R6400v2
Netgear R6700v3
Netgear R7000
TP-Link
Tenda
Western Digital