NetUSB vulnerability leaves millions of connected devices open to attack

Security researchers have published proof-of-concept code for a major router vulnerability leveraging a popular Linux kernel driver that could be used by hackers to compromise millions of connected devices.

2015-05-2714-37-28.jpg

Security researchers have published proof-of-concept code for a major router vulnerability leveraging a popular driver that could be used by hackers to compromise millions of connected devices.

The vulnerable Linux kernel driver is called NetUSB, and it allows USB devices such as printers, external hard drives and flash drives to be connected to a router or access point so as to be made available on the network. The NetUSB technology belongs to a Taiwanese firm called KCodes Technology, but each vendor has a different name for the technology. Netgear calls it ReadySHARE, while other vendors use terms such as "print sharing" or "USB share port."

The vulnerability, which can be used to deliver denial-of-service attacks and as well as run code remotely, was uncovered by SEC Consult Vulnerability Lab. The firm says it has identified 26 vendors whose products were likely affected by the router flaw.

"The client side is implemented in software that is available for Windows and OS X," writes SEC Consult in a blog post. "It connects to the server and simulates the devices that are plugged into the embedded system locally. The user experience is like that of a USB device physically plugged into a client system. It's worth noting, that the NetUSB feature was enabled on all devices that we checked and the server was still running even when no USB devices were plugged in!"

The exploit itself is an old-school buffer overflow, where a client sends a computer name to the device that is longer than 64 characters.

Certain TP-LINK and Netgear devices are known to be vulnerable, but the researchers believe that devices from a whole range of manufacturers including IOGear, Western Digital, and ZyXEL are affected. For a full list of devices that are possibly affected by this vulnerability, check out the advisory.

The researchers attempted to contact KCodes with regards to the vulnerability back in February of this year, but only got back "a few nonsensical responses" before being ignored.

According to SEC Consult, only TP-LINK has released fixes, with ZyXEL, Netgear and D-Link saying that patches are in the pipeline.

Routers have become a popular target for hackers, and earlier this month researchers uncovered an exploit kit that brings together vulnerabilities relating to multiple products into a single easy-to-use tool that the bad guys can use.

See also:

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All