A vulnerability in the software NetUSB detected by the specialists of the company Sec Consult, threatens millions of home routers. At risk are the products of D-Link, NETGEAR, TP-LINK, Trendnet and other manufacturers.
NetUSB is a Linux kernel module that runs the web server and provides the option of forwarding USB devices over the network. Many companies implement in their products the ability to use connected to the router printers, flash drives, Webcams, keyboards, sound cards via TCP/IP using this driver and its own Protocol.
When you access the router client NetUSB made in the form of apps for Windows and OS X, sends the computer name, and optionally specify its length. Because of the presence of vulnerabilities in the driver (CVE-2015-3036), specifying the length of the name exceeds 64 characters, an attacker can cause a buffer overflow, and organize the execution of arbitrary code.
The kernel module NetUSB.ko listens on port 20005, even if the router is not connected any USB devices. For the implementation of the authentication algorithm the AES block encryption with a static key that allows an attacker to remotely use a USB device. The main vulnerability lies in a fixed size buffer for the name of the connected computer. The overflow of this buffer leads to a stack overflow in the kernel.
Sec Consult experts confirmed the presence of vulnerabilities in routers TP-Link TL-WDR4300 V1, TP-Link WR1043ND v2, Netgear WNDR4500. After analysis of the image of the firmware from different manufacturers on the module NetUSB.ko, experts suggest that the vulnerable are still 92 product, including routers from D-Link, Netgear, TP-Link, Trendnet and ZyXEL Communications.
The researchers reported the problem to the manufacturers and CERT coordination center. At the moment the fix for the issue for some models only released TP-Link. Update still for 40 models of products come later. TP-Link, Netgear, D-Link and ZyXEL has not commented on the situation.