TP-LINK scheduled fixes for about 40 of its products
The NetUSB code used in products from D-Link, NETGEAR, TP-LINK, TRENDnet and ZyXEL to share USB devices over the network contains a vulnerability that could be exploited for arbitrary remote code execution.
Tracked as CVE-2015-3036, the security flaw is a remote kernel stack buffer overflow that can be triggered by a client when connecting to the server deployed on the networking device (TCP port 20005).
“Rare” remote kernel stack buffer overflow
NetUSB technology is developed by KCodes, a company from Taiwan, to provide USB over IP functionality. It relies on a Linux kernel driver to launch a server that communicates with client software available for computers running Windows or OS X.