NetUSB vulnerability can affect millions of routers
2015-05-20 10:00 by Daniela
Millions of routers worldwide may be at risk due to a serious vulnerability in the NetUSB service that could allow hackers to compromise them.
NetUSB is a service developed by the Taiwanese company KCodes that provides USB over IP functionality. It relies on a Linux kernel driver to launch a server. Through this technology, USB devices such as printers, webcams and flash drives that are plugged into a Linux-based system can be made accessible over the network on TCP port 20005. The service is used in a plethora of popular routers and is known under different names: "ReadySHARE," "USB share port" or "print sharing".
The flaw (CVE-2015-3036) allows an unauthenticated attacker on a local network to trigger a kernel stack buffer overflow, which causes denial of service or permits remote code execution. In addition, some router configurations may allow remote attacks.
"While NetUSB was not accessible from the internet on the devices we own, there is some indication that a few devices expose TCP port 20005 to the internet. We don't know if this is due to user misconfiguration or the default setting within a specific device. Exposing NetUSB to the internet enables attackers to get access to USB devices of potential victims and this would actually count as another vulnerability," researchers who found the problem said.
Affected brands include TP-Link, D-Link, Trendnet, Netgear and Zyxel. TP-Link has already released patches for some of its router products, and other patches are planned before the end of the month.
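To check whether a Linux-based device you administer has a listener on the NetUSB port and which address it is bound to, the device's /proc/net/tcp table can be parsed. This is an added example, not code from the researchers or from KCodes; it assumes shell access to the device and IPv4 only, and the sample table and function names are constructed for illustration.

```python
import socket
import struct

NETUSB_PORT = 20005   # TCP port the article gives for NetUSB
TCP_LISTEN = 0x0A     # "st" value for a listening socket in /proc/net/tcp

# Constructed sample of /proc/net/tcp (not captured from a real device).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:4E25 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 0
   1: 0101A8C0:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   2: 0101A8C0:4E25 0A01A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 0
"""

def decode_addr(hex_addr, little_endian=True):
    """Turn the hex IPv4 field into dotted form. The kernel prints the raw
    32-bit value, so the byte order follows the CPU (many routers are
    big-endian MIPS; pass little_endian=False for those)."""
    fmt = "<I" if little_endian else ">I"
    return socket.inet_ntoa(struct.pack(fmt, int(hex_addr, 16)))

def netusb_listeners(proc_net_tcp, port=NETUSB_PORT, little_endian=True):
    """Return the local addresses that have a LISTEN socket on `port`."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        addr_hex, port_hex = fields[1].split(":")
        if int(fields[3], 16) == TCP_LISTEN and int(port_hex, 16) == port:
            found.append(decode_addr(addr_hex, little_endian))
    return found

def assess(listeners):
    """Summarise the bind addresses for a report."""
    if not listeners:
        return "not listening"
    if "0.0.0.0" in listeners:
        return "listening on all interfaces"
    return "listening on " + ", ".join(listeners)

if __name__ == "__main__":
    # On a real device, pass open("/proc/net/tcp").read() instead of SAMPLE.
    print(assess(netusb_listeners(SAMPLE)))
```

A wildcard bind (0.0.0.0) means only the device's firewall rules keep the port off the WAN interface, so those rules are the next thing to review.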