Vulnerability Note VU#177092
KCodes NetUSB kernel driver is vulnerable to buffer overflow
KCodes NetUSB is vulnerable to a buffer overflow via the network that may result in a denial of service or code execution.
KCodes NetUSB is a Linux kernel module that provides USB over IP. It is used to provide USB device sharing on a home user network.
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2015-3036
According to the reporter, an unauthenticated attacker on the local network can trigger a buffer overflow that may result in a denial of service or code execution. The default configuration of some devices may also allow a remote attacker to trigger it.
Update the firmware
Disable device sharing
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| D-Link Systems, Inc. | Affected | 10 Apr 2015 | 22 May 2015 |
| KCodes | Affected | 06 Apr 2015 | 08 Apr 2015 |
| Netgear, Inc. | Affected | 10 Apr 2015 | 05 Jun 2015 |
| TP-LINK | Affected | 10 Apr 2015 | 18 May 2015 |
| TRENDnet | Affected | 10 Apr 2015 | 27 May 2015 |
| ZyXEL | Affected | 10 Apr 2015 | 22 May 2015 |
| Ambir Technologies | Not Affected | 10 Apr 2015 | 21 May 2015 |
| Peplink | Not Affected | - | 01 Jun 2015 |
| ALLNET GmbH | Unknown | 15 Apr 2015 | 15 Apr 2015 |
| Asante | Unknown | 15 Apr 2015 | 15 Apr 2015 |
| Cisco | Unknown | 29 Apr 2015 | 29 Apr 2015 |
| Digitus | Unknown | 15 Apr 2015 | 15 Apr 2015 |
| Edimax Computer Company | Unknown | 10 Apr 2015 | 10 Apr 2015 |
| Encore Electronics | Unknown | 10 Apr 2015 | 10 Apr 2015 |
| IOGEAR | Unknown | 15 Apr 2015 | 15 Apr 2015 |
CVSS Metrics
Thanks to Stefan Viehboeck of SEC Consult Vulnerability Lab for reporting this vulnerability.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2015-3036
- Date Public: 19 May 2015
- Date First Published: 19 May 2015
- Date Last Updated: 05 Jun 2015
- Document Revision: 95