Millions of Networking Devices May Run Vulnerable NetUSB Code

JMH

Emeritus, Contributor
Joined
Apr 2, 2012
Posts
7,197
TP-LINK scheduled fixes for about 40 of its products

NetUSB code used in products from D-Link, NETGEAR, TP-LINK, TRENDnet and ZyXEL for sharing different USB devices over the network includes a vulnerability that could be exploited for arbitrary remote code execution.

Tracked as CVE-2015-3036, the security flaw is a remote kernel stack buffer overflow that can be triggered by a client when connecting to the server deployed on the networking device (TCP port 20005).

“Rare”​ remote kernel stack buffer overflow

NetUSB technology is developed by KCodes, a company from Taiwan, to provide USB over IP functionality. It relies on a Linux kernel driver to launch a server that communicates with a client available in software on computer systems running Windows or OS X.
Millions of Networking Devices May Run Vulnerable NetUSB Code - Softpedia
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top