Critical Vulnerability In NetUSB Driver Puts Millions Of Routers At Risk

NetUSB Bug

SEC Consult researchers have found a critical vulnerability in NetUSB service that could allow hackers to compromise routers and other embedded devices.

NetUSB is a service that allows the devices connected over USB to a computer be shared with other machines on a local network or the Internet. The shared devices can be printers, webcams, thumb drives, external hard disks and more.

VULNERABILITY DETAILS

As part of the connection initiation, the client sends its computer name. If a connecting computer has a name longer than 64 characters, a stack buffer overflow will be triggered in the NetUSB service, that could be exploited to execute malicious codes on the affected devices.

Since all the server code (NetUSB) runs in kernel mode, the attackers could gain the ability to execute malicious code on the affected devices with the highest possible privilege, the researchers said in a blog post.

Each vendor uses different terminology when referring to the NetUSB feature. NETGEAR calls it ReadySHARE, while other vendors simply call it “print sharing” or "USB share port".

AFFECTED PRODUCTS

The vulnerability has been verified to exist in most recent firmware versions of the following devices:
  • TP-Link TL-WDR4300 V1
  • TP-Link WR1043ND v2
  • NETGEAR WNDR4500
After examining the firmware images from different manufacturers for the presence of the NetUSB, the researchers believe that 92 other products from D-Link, Netgear, TP-Link, Trendnet and ZyXEL Communications are likely vulnerable.

"While NetUSB was not accessible from the internet on the devices we own, there is some indication that a few devices expose TCP port 20005 to the internet. We don’t know if this is due to user misconfiguration or the default setting within a specific device. Exposing NetUSB to the internet enables attackers to get access to USB devices of potential victims and this would actually count as another vulnerability," SEC Consult said.

PATCHES

As far as we know, only the TP-Link has issued patches for 40 of its products.

No comments

Powered by Blogger.