KCodes NetUSB is vulnerable to a buffer overflow via the network that may result in a denial of service or code execution.
KCodes NetUSB is a Linux kernel module that provides USB over IP. It is used to provide USB device sharing on a home user network.
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2015-3036
According to the reporter, an unauthenticated attacker on the local network can trigger a buffer overflow that may result in a denial of service or code execution. Some device default configurations may allow a remote attacker as well.
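The CWE-120 pattern named above, shown beside its bounds-checked form. This is an added example, not NetUSB code and not part of the original advisory; the wire format (a 4-byte little-endian length followed by a name), the 64-byte buffer and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 64 /* assumed size of the fixed destination buffer */

/* Assumed wire format: 4-byte little-endian length, then that many name bytes. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* CWE-120: the sender's length is used as the copy size with no bound.
 * Shown for contrast only; safe solely when n < NAME_BUF and n <= msg_len - 4. */
int read_name_unchecked(const uint8_t *msg, size_t msg_len, char *out)
{
    uint32_t n;
    if (msg_len < 4) return -1;
    n = le32(msg);
    memcpy(out, msg + 4, n); /* may overrun out and over-read msg */
    out[n] = '\0';
    return (int)n;
}

/* Hardened: the length is checked against the received data and the destination. */
int read_name_checked(const uint8_t *msg, size_t msg_len, char *out, size_t out_size)
{
    uint32_t n;
    if (msg_len < 4 || out_size == 0) return -1;
    n = le32(msg);
    if (n > msg_len - 4) return -1; /* claims more bytes than arrived */
    if (n >= out_size) return -1;   /* no room for the name plus terminator */
    memcpy(out, msg + 4, n);
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample messages, not captured traffic. */
    const uint8_t ok[] = {5, 0, 0, 0, 'h', 'o', 's', 't', '1'};
    const uint8_t lie[] = {0xff, 0xff, 0xff, 0xff, 'x'}; /* length exceeds payload */
    char name[NAME_BUF];

    printf("ok  -> %d\n", read_name_checked(ok, sizeof ok, name, sizeof name));
    printf("lie -> %d\n", read_name_checked(lie, sizeof lie, name, sizeof name));
    return 0;
}
```

The checked version rejects a message both when the declared length exceeds the bytes actually received and when it would not fit the destination with its terminator.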
Update the firmware
Disable device sharing
D-Link Systems, Inc.
Edimax Computer Company
PROLiNK Fida Intl
Western Digital Technologies
Thanks to Stefan Viehboeck of SEC Consult Vulnerability Lab for reporting this vulnerability.
This document was written by Garret Wassermann.
Date First Published: 2015-05-19
Date Last Updated: 2015-06-05 14:54 UTC