Millions of Networking Devices May Run Vulnerable NetUSB Code

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
TP-LINK scheduled fixes for about 40 of its products
NetUSB code used in products from D-Link, NETGEAR, TP-LINK, TRENDnet and ZyXEL for sharing different USB devices over the network includes a vulnerability that could be exploited for arbitrary remote code execution.

Tracked as CVE-2015-3036, the security flaw is a remote kernel stack buffer overflow that can be triggered by a client when connecting to the server deployed on the networking device (TCP port 20005).

“Rare” remote kernel stack buffer overflow
NetUSB technology is developed by KCodes, a company from Taiwan, to provide USB over IP functionality. It relies on a Linux kernel driver to launch a server that communicates with a client available in software on computer systems running Windows or OS X.

The feature allows users to emulate on the computer a USB device (printer, hard drive) connected to an embedded system, such as a router or access point. The capability is known under different names, “ReadySHARE,” “USB share port” or “print sharing” being a few of them.

According to Austria-based SEC Consult Vulnerability Lab, the client sends the computer name to the server when the connection between the two is established.

However, if the client delivers to the server a name longer than 64 characters, the stack buffer overflows upon reception from the socket. “All the server code runs in kernel mode, so this is a ‘rare’ remote kernel stack buffer overflow,” the researchers said in a blog post on Tuesday.

For the connection to occur, authentication is required, based on an AES encryption key; but researchers say that the key is present both in the kernel driver and in the client software installed on the computer system.


Read more: http://news.softpedia.com/news/Mill...vices-Run-Vulnerable-NetUSB-Code-481677.shtml
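
Added example, not part of the original post or the Softpedia article: a user-space C illustration of the overflow described above, with the unchecked copy next to a bounded one. The 4-byte little-endian length prefix and all function names are assumptions made for the example; only the 64-character buffer size comes from the article.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 64 /* buffer size named in the article */

/* Assumed framing: 4-byte little-endian length, then the name bytes. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed pattern, for contrast only: the copy length comes from the
 * peer and is never compared with the size of the destination. */
int parse_name_unchecked(const uint8_t *msg, size_t len, char *name)
{
    if (len < 4)
        return -1;
    uint32_t n = rd_le32(msg);
    memcpy(name, msg + 4, n); /* n > NAME_BUF writes past the buffer */
    return (int)n;
}

/* Hardened: check the claimed length against the destination and
 * against the bytes actually received before copying anything. */
int parse_name_checked(const uint8_t *msg, size_t len, char name[NAME_BUF])
{
    if (len < 4)
        return -1; /* truncated header */
    uint32_t n = rd_le32(msg);
    if (n >= NAME_BUF)
        return -2; /* does not fit with the terminating NUL */
    if (n > len - 4)
        return -3; /* claims more bytes than were sent */
    memcpy(name, msg + 4, n);
    name[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed samples: a 5-byte name, and a header claiming 100. */
    const uint8_t ok[] = {5, 0, 0, 0, 'h', 'o', 's', 't', '1'};
    const uint8_t big[] = {100, 0, 0, 0, 'A', 'A'};
    char name[NAME_BUF];
    printf("%d\n", parse_name_checked(ok, sizeof ok, name));
    printf("%d\n", parse_name_checked(big, sizeof big, name));
    return 0;
}
```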
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Well I should never worry about, my brother made a crazy idea to flush the manufactured ROM and made it as OpenWRT (open source) for TP-Link Router last 3 weeks, which on other side note it brings better security benefits ;)
 
Reactions: LabZero and frogboy

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
Well I should never worry about, my brother made a crazy idea to flush the manufactured ROM and made it as OpenWRT (open source) for TP-Link Router last 3 weeks, which on other side note it brings better security benefits ;)
That sounds very clever, not sure I could do it. :( Sounds very complicated. :D
 
Reactions: LabZero

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
That sounds very clever, not sure I could do it. :( Sounds very complicated. :D

Indeed it's a very complicated part, in which you will deal with a lot of command-line installation procedures. ;)

Still optional though; just check for the latest firmware and turn off any sharing functions.
 
Reactions: frogboy and LabZero

LabZero

Well I should never worry about, my brother made a crazy idea to flush the manufactured ROM and made it as OpenWRT (open source) for TP-Link Router last 3 weeks, which on other side note it brings better security benefits ;)
I know something, OpenWrt is a Linux distribution for embedded devices, but if your modem/router is new, flushing ROM you lose the warranty?
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
@Klipsh: Yes you're right however our router is already used for more than 5 years and its warranty is no longer covered. ;) Therefore you can do an experiment, my brother is really an advocate on open source software and tools.
 
Reactions: frogboy and LabZero

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
The bug doesn't seem so bad to be honest, since you need to be in the network already for it to work, so as long as you keep WPS (which is a bug-ridden mess on most routers) and guest networking (same applies here) disabled there should be minimal attack surface... nonetheless it's a security flaw which could be used to compromise your network if you aren't careful with your router configuration.
The biggest question here is: what's with all the routers at their EOL (end of life)? It's not likely the average person will buy a new router when the support ends, so what will happen to them? Will all these cheapo routers just be left unpatched and the companies just say: "You get what you pay for"?
 
Reactions: LabZero and frogboy