Millions of Networking Devices May Run Vulnerable NetUSB Code
NetUSB code used in products from D-Link, NETGEAR, TP-LINK, TRENDnet and ZyXEL for sharing different USB devices over the network includes a vulnerability that could be exploited for arbitrary remote code execution.
The vulnerability has been confirmed in gigabit routers from TP-Link (TL-WDR4300 v1 and v2) and NETGEAR (WNDR4500). Based on its research, SEC Consult believes that 26 vendors use the technology from KCodes.
TP-LINK has released fixes for the NetUSB vulnerability and scheduled patches for about 40 products.
In some cases, a workaround is available, consisting in disabling NetUSB via the web interface, but this action does not mitigate the issue on all affected devices.
NETGEAR said that, on their products, the risk cannot be alleviated because the TCP port used by the server cannot be firewalled and there is no way to disable the service.
http://blog.sec-consult.com/2015/05/kcodes-netusb-how-small-taiwanese.html
Here we have another case that shows the sad state of embedded systems security. Because the same vendors are building the IoT devices of tomorrow, we will see a lot of this in the future.
Link to vulnerable/tested versions (plain text): https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150519-0_KCodes_NetUSB_Kernel_Stack_Buffer_Overflow_v10.txt
