Information security firm SEC Consult Vulnerability Lab has discovered a security flaw that affects millions of routers and could leave them open to remote hacking.
The vulnerability revolves around NetUSB, which provides network access to USB devices like printers and external hard drives through routers and access points. So, for example, NetUSB lets you have a hard drive plugged into your router to share files across your network--this is a highly touted feature of many routers today.
Unfortunately, there's a flaw where a hacker can send a long computer name during the connection initiation and create stack buffer overflows. As Betanews explains:
Stack buffer overflow flaws can cause programs to malfunction or crash, but can also be used to perform a deliberate cyberattack. It is possible to corrupt the stack by injecting malicious code into the program and gain control of the device remotely.
The good news is that TP-Link has already issued a patch for 40 of its devices. The bad news is that other router vendors, including Netgear, TrendNet, and Western Digital, could be affected and might not have patches available yet. You can check SEC Consult's advisory to see if yours is on the list.
It's always a good idea to update your router firmware because bugs like this pop up all the time. Your router is the most valuable target for hackers, and, unfortunately, with more Internet of Things (IoT) being used these days, we'll be seeing more of this in the future. For now, go update your router.