KCodes NetUSB is vulnerable to a buffer overflow via the network that may result in a denial of service or code execution.
KCodes NetUSB is a Linux kernel module that provides USB over IP. It is used to provide USB device sharing on a home user network.
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2015-3036
According to the reporter, an unauthenticated attacker on the local network can trigger a buffer overflow that may result in a denial of service or code execution. In some default device configurations, a remote attacker may be able to do so as well.
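The bug class named above (CWE-120), shown as an added C example that is not KCodes code and not part of the original advisory: a constructed length-prefixed message is copied into a fixed buffer, first without a size check and then with the checks that prevent the overflow. The wire format, `DEV_LABEL_MAX`, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEV_LABEL_MAX 32            /* hypothetical fixed buffer size */

struct peer { char label[DEV_LABEL_MAX]; size_t label_len; };

/* Constructed wire format (an assumption, not NetUSB's protocol):
 * 4-byte little-endian length, then that many bytes of label. */
static int read_len(const uint8_t *msg, size_t msg_len, uint32_t *out)
{
    if (msg_len < 4) return -1;     /* header itself is incomplete */
    *out = (uint32_t)msg[0] | (uint32_t)msg[1] << 8 |
           (uint32_t)msg[2] << 16 | (uint32_t)msg[3] << 24;
    return 0;
}

/* CWE-120 pattern: the sender-chosen length drives the copy. */
int parse_label_unchecked(struct peer *p, const uint8_t *msg, size_t msg_len)
{
    uint32_t n;
    if (read_len(msg, msg_len, &n)) return -1;
    memcpy(p->label, msg + 4, n);   /* writes past label when n > 32 */
    p->label_len = n;
    return 0;
}

/* Hardened form: validate the length against the destination buffer
 * and against the bytes actually received before copying. */
int parse_label_checked(struct peer *p, const uint8_t *msg, size_t msg_len)
{
    uint32_t n;
    if (read_len(msg, msg_len, &n)) return -1;
    if (n > sizeof(p->label)) return -2;   /* would overflow destination */
    if (n > msg_len - 4) return -3;        /* would over-read the source */
    memcpy(p->label, msg + 4, n);
    p->label_len = n;
    return 0;
}

int main(void)
{
    uint8_t big[4 + 256] = { 0x00, 0x01, 0x00, 0x00 }; /* claims 256 bytes */
    struct peer p = { {0}, 0 };
    printf("oversized label -> %d\n", parse_label_checked(&p, big, sizeof big));
    return 0;
}
```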
Update the firmware
Disable device sharing
D-Link Systems, Inc.: Affected
Netgear, Inc.: Affected
Ambir Technologies: Not Affected
Peplink: Not Affected
ALLNET GmbH: Unknown
Edimax Computer Company: Unknown
Encore Electronics: Unknown
Longshine Networking: Unknown
PROLiNK Fida Intl: Unknown
Western Digital Technologies: Unknown
Thanks to Stefan Viehboeck of SEC Consult Vulnerability Lab for reporting this vulnerability.
This document was written by Garret Wassermann.
Date First Published: 2015-05-19
Date Last Updated: 2015-06-05 14:54 UTC