Security researchers have published
proof-of-concept code for a major
router vulnerability leveraging a popular driver that could be used by hackers to compromise millions of connected devices.
The vulnerable Linux kernel driver is called NetUSB, and it allows USB devices such as printers,
external hard drives and flash drives to be connected to a
router or access point so as to be made available on the network. The NetUSB technology belongs to a Taiwanese firm called KCodes Technology, but each vendor has a different name for the technology. Netgear calls it ReadySHARE, while other vendors use terms such as "print sharing" or "USB share port."
The vulnerability, which can be used to deliver denial-of-service attacks and as well as run code remotely, was uncovered by SEC Consult Vulnerability Lab. The firm says it has identified 26 vendors whose products were likely affected by the
router flaw.
