Some models of routers TP-Link, Netgear, and Trendnet and ZyXEL, along with many other embedded products, may be vulnerable to a new flaw discovered in service NetUSB.
Millions of devices including routers and embedded devices are potentially hack by external aggressors. The vulnerability has been discovered in NetUSB service, which allows devices connected via USB to a computer to share its data with other machines on a local network or the Internet via IP. Among the devices at risk are Routers, Printers, Webcams, USB Flash Drives, External hard drives, and more.
The flaw of NetUSB was unveiled by Sec Consult in a post published Tuesday. The service is implemented in embedded systems based on Linux and works through the drivers developed by the Taiwanese KCodes Technology, which opened a server listens on TCP port 20005. Sec Consult has found that the service can be manipulated in a manner not too complex by connecting a device with a name longer than 64 characters.
NetUSB in this way is in stack buffer overflow and, with an exploit ad-hoc, you can run code remotely or send a DoS attack. Considering that the driver of the service operate in kernel mode, a vulnerability can offer the highest privileges possible for an attacker. NetUSB is found in many commercial products among the most common, but is often implemented by different names: Netgear calls such ReadySHARE, others with more generic names.
Sec Consult has released a list with the known patterns that contain the vulnerability: among these are cited TP-Link TL-WDR4300 V1, TP-Link WR1043ND v2 and Netgear WNDR4500. After scanning the firmware of many other products in search of the driver NetUSB.ko, the security company believes that 92 other products of the most famous manufacturers of routers may be affected by the vulnerability, citing over TP-Link and Netgear, also Trendnet and ZyXEL.
The researchers found evidence of the driver NetUSB.inf of devices 26 different manufacturers, an element that greatly expands the scope of the vulnerability. On some devices, you can block access to the port by using the firewall settings but on others, such as some models Netgear, this is impossible according to the source. Many vulnerable products also could be exposed only within the local network.
TP-Link is the only company to have released fix for the vulnerability, and has already planned correction of the same on a list of 40 products. Netgear, D-Link and ZyXEL have not yet responded on the matter.