Results 1 to 1 of 1
  1. #1
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,486
    Thanks
    284
    Thanked 574 Times in 478 Posts

    Router USB vulnerability!

    Millions of Networking Devices May Run Vulnerable NetUSB Code

    NetUSB code used in products from D-Link, NETGEAR, TP-LINK, TRENDnet and ZyXEL for sharing different USB devices over the network includes a vulnerability that could be exploited for arbitrary remote code execution.

    The vulnerability has been confirmed in gigabit routers from TP-Link (TL-WDR4300 v1 and v2) and NETGEAR (WNDR4500). Based on its research, SEC Consult believes that 26 vendors use the technology from KCodes.

    TP-LINK has released fixes for the NetUSB vulnerability and scheduled patches for about 40 products.

    In some cases, a workaround is available, consisting in disabling NetUSB via the web interface, but this action does not mitigate the issue on all affected devices.

    NETGEAR said that, on their products, the risk cannot be alleviated because the TCP port used by the server cannot be firewalled and there is no way to disable the service.
    http://blog.sec-consult.com/2015/05/...taiwanese.html

    Here we have another case that shows the sad state of embedded systems security. Because the same vendors are building the IoT devices of tomorrow, we will see a lot of this in the future.
    Link to vulnerable/tested versions (plain text): https://www.sec-consult.com/fxdata/s...erflow_v10.txt

  2. The Following 2 Users Say Thank You to satrow For This Useful Post:

    RetiredGeek (2015-05-23),wavy (2015-05-23)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •