'Millions' of routers open to absurdly outdated NetUSB hijack

Vulnerability may allow ne'er-do-wells to access the 1990s

SEC Consult Vulnerability Lab Stefan Viehböck says potentially millions of routers and internet of things devices using KCodes NetUSB could be exposed to remote hijacking or denial of service attacks.

The packet fondler says the vulnerability (CVE-2015-3036) hits the Linux kernel module in scores of popular routers which serves to provide network access over TCP port 20005 to USB devices plugged into routers such as printers and external hard drives.

Viehböck says the vulnerability triggered by specifying a ridiculously long machine name belongs in the 1990s.

"By specifying a name longer than 64 characters, the stack buffer overflows when the computer name is received from the socket," Viehböck says.

"Easy as a pie, the ‘90s are calling and want their vulns back.

"All the server code runs in kernel mode, so this is a 'rare' remote kernel stack buffer overflow."

TP-Link has issued patches for 40 of its products. About the same number of Netgear wares are also affected along with 14 Trendnet items. Some 24 other vendors including D-Link and Western Digital are potentially affected, according to Vienbock's advisory.

The hacker notified computer emergency response teams in the US, Germany, and Austria after communications allegedly broke down with NetUSB creator KCodes.

Concerned users not prepared to suffocate while holding breath for router patches may be able to disable NetUSB through web interfaces.

This may not work on all devices including Netgear offerings which remain open even when firewalled, Viehböck says. ®


Biting the hand that feeds IT © 1998–2017