Vulnerability Note VU#177092

KCodes NetUSB kernel driver is vulnerable to buffer overflow

Original Release date: 19 May 2015 | Last revised: 05 Jun 2015


KCodes NetUSB is vulnerable to a buffer overflow via the network that may result in a denial of service or code execution.


KCodes NetUSB is a Linux kernel module that provides USB over IP. It is used to provide USB device sharing on a home user network.

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2015-3036

According to the reporter, computer client data provided when connecting to the NetUSB server is not properly validated by the driver before processing, resulting in a buffer overflow that may lead to a denial of service or code execution. More information can be found in SEC Consult's advisory.

The NetUSB driver provided by KCodes has been integrated into several vendors' products. For more information, please see the Vendor Information section below.

CERT/CC has been unable to confirm this information directly with KCodes.


According to the reporter, an unauthenticated attacker on the local network can trigger a buffer overflow that may result in a denial of service or code execution. Some device default configurations may allow a remote attacker as well.


Update the firmware

Refer to the Vendor Information section below and contact your vendor for firmware update information.

Affected users may also consider the following workarounds:

Disable device sharing

Consult your device's vendor and documentation as some devices may allow disabling the USB device sharing service on your network.

Block port 20005

Blocking port 20005 on the local network may help mitigate this attack by preventing access to the service.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
D-Link Systems, Inc.Affected10 Apr 201522 May 2015
KCodesAffected06 Apr 201508 Apr 2015
Netgear, Inc.Affected10 Apr 201505 Jun 2015
TP-LINKAffected10 Apr 201518 May 2015
TRENDnetAffected10 Apr 201527 May 2015
ZyXELAffected10 Apr 201522 May 2015
Ambir TechnologiesNot Affected10 Apr 201521 May 2015
PeplinkNot Affected-01 Jun 2015
ALLNET GmbHUnknown15 Apr 201515 Apr 2015
AsanteUnknown15 Apr 201515 Apr 2015
CiscoUnknown29 Apr 201529 Apr 2015
DigitusUnknown15 Apr 201515 Apr 2015
Edimax Computer CompanyUnknown10 Apr 201510 Apr 2015
Encore ElectronicsUnknown10 Apr 201510 Apr 2015
IOGEARUnknown15 Apr 201515 Apr 2015
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base 5.7 AV:A/AC:M/Au:N/C:N/I:N/A:C
Temporal 4.9 E:POC/RL:W/RC:C
Environmental 3.7 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND



Thanks to Stefan Viehboeck of SEC Consult Vulnerability Lab for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs: CVE-2015-3036
  • Date Public: 19 May 2015
  • Date First Published: 19 May 2015
  • Date Last Updated: 05 Jun 2015
  • Document Revision: 95


If you have feedback, comments, or additional information about this vulnerability, please send us email.