Wednesday 20 May 2015

Millions of routers and other embedded devices are affected by a critical flaw in the NetUSB driver

According to researcher Stefan Viehbock from SEC Consult Vulnerability Lab, the vulnerability, CVE-2015-3036, allows an unauthenticated attacker on a local network to trigger a kernel stack buffer overflow, which causes denial of service or permits remote code execution. In addition, some router configurations may allow remote attacks.

The vulnerability is located in a service called NetUSB, which lets devices connected over USB to a computer be shared with other machines on a local network or the Internet via IP (Internet Protocol). The shared devices can be printers, webcams, thumb drives, external hard disks and more.
NetUSB is a Linux kernel module that allows users to plug flash drives, printers and other USB-connected devices into their routers so that they can be accessed over the local network.
The NetUSB component is integrated into modern routers sold by some major manufacturers, including D-Link, Netgear, TP-Link, ZyXEL and TrendNet.
We recommend disabling the service (if supported by the vendor) and blocking port 20005 with a firewall. For Netgear devices there is no workaround according to the vendor: there is no possibility to disable the service or block the port with an integrated firewall. Hence an additional firewall would be needed.
You should also keep an eye out for patches and update your devices as soon as patches are made available, in order to prevent any possibility of NetUSB exploits.
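One way to verify that the mitigation took effect on devices you administer, as an added example (not code from the original post or from SEC Consult): it attempts a TCP connection to port 20005 and reports each device as open, closed or filtered. The function names are hypothetical, and the use of TCP and the sample address 192.168.1.1 are assumptions of this example.

```python
import socket
import sys

NETUSB_PORT = 20005  # port named in the post; TCP is assumed by this example


def check_port(host, port=NETUSB_PORT, timeout=2.0):
    """Return 'open', 'closed' or 'filtered' for one TCP connect attempt."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"          # something is listening: service still reachable
    except ConnectionRefusedError:
        return "closed"        # host answered with a reset: nothing listening
    except OSError:
        return "filtered"      # timeout or unreachable: dropped by a firewall
    finally:
        sock.close()


def audit(hosts, port=NETUSB_PORT, timeout=2.0):
    """Map each host to the state of the NetUSB port as seen from this machine."""
    return {host: check_port(host, port, timeout) for host in hosts}


def still_exposed(results):
    """Hosts where the port is reachable, i.e. the mitigation is not in place."""
    return sorted(host for host, state in results.items() if state == "open")


def main(argv):
    # Example invocation (constructed address): python check_netusb.py 192.168.1.1
    hosts = argv[1:]
    if not hosts:
        print("usage: check_netusb.py HOST [HOST ...]")
        return 2
    results = audit(hosts)
    for host, state in sorted(results.items()):
        print(f"{host}:{NETUSB_PORT} {state}")
    return 1 if still_exposed(results) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it from a host on the LAN and, because some router configurations may allow remote attacks, from a vantage point outside the network as well.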
