The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot password?

NetUSB vulnerability can affect millions of routers

2015-05-20 10:00 by

 

Millions of routers worldwide may be exposed at risk due to a serious vulnerability in the NetUSB service that could allow hackers to compromise them.

NetUSB is a service developed by the Taiwanese company KCodes, that provides USB over IP functionality. It relies on a Linux kernel driver to launch a server. USB devices such as printers, webcams, flash drives, plugged into a Linux-based system, can be granted network access over TCP port 20005 through the technology. The service is used in a plethora of popular routers and is known under different names: "ReadySHARE," "USB share port" or "print sharing".

The flaw (CVE-2015-3036), allows for an unauthenticated attacker on a local network to trigger a kernel stack buffer overflow which causes denial-of-service or permits remote code execution. In addition, some router configurations may allow remote attacks.

"While NetUSB was not accessible from the internet on the devices we own, there is some indication that a few devices expose TCP port 20005 to the internet. We don't know if this is due to user misconfiguration or the default setting within a specific device. Exposing NetUSB to the internet enables attackers to get access to USB devices of potential victims and this would actually count as another vulnerability," researchers who found the problem said.

Among the affected brands are: TP-Link, D-Link, Trendnet, Netgear and Zyxel. TP-Link has already released patches for some of its router products and others are planned before the end of the month.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
comment discuss top
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About