Critical Vulnerability In NetUSB Driver Exposes Millions of Routers To Hacking
itwbennett writes: NetUSB, a service that lets devices connected over USB to a computer be shared with other machines on a local network or the Internet, is implemented in Linux-based embedded systems, such as routers, as a kernel driver. Once enabled, it opens a server that listens on TCP port 20005 for connecting clients. Security researchers from a company called SEC Consult found that if a connecting computer has a name longer than 64 characters, a stack buffer overflow is triggered in the NetUSB service. The advisory notice has a list of affected routers.
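The bounds check that this class of bug calls for, as an added example in user-space C; it is not part of the original post and not NetUSB's code. The 4-byte little-endian length prefix and all function names are assumptions made for illustration; only the 64-character limit comes from the summary above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define CLIENT_NAME_MAX 64 /* limit quoted in the summary above */

/* Assumed framing (hypothetical): 4-byte little-endian length, then name. */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unsafe pattern, for contrast only (never called here): the peer's
 * length is trusted, so any value above 64 writes past `out`. */
void copy_name_unchecked(const uint8_t *msg, char *out)
{
    uint32_t n = read_le32(msg);
    memcpy(out, msg + 4, n);
    out[n] = '\0';
}

/* Hardened form: `out` must hold CLIENT_NAME_MAX + 1 bytes.
 * Returns 0 with `out` NUL-terminated, or -1 on bad input. */
int parse_client_name(const uint8_t *msg, size_t msg_len, char *out)
{
    uint32_t n;
    if (msg_len < 4) return -1;            /* no complete length field */
    n = read_le32(msg);
    if (n > CLIENT_NAME_MAX) return -1;    /* reject, do not truncate */
    if (n > msg_len - 4) return -1;        /* claims more than was sent */
    memcpy(out, msg + 4, n);
    out[n] = '\0';
    return 0;
}

/* Constructed sample: header claims `claimed` bytes, body carries `sent`. */
int check_sample(uint32_t claimed, size_t sent)
{
    uint8_t msg[4 + 256] = {0};
    char name[CLIENT_NAME_MAX + 1];
    if (sent > 256) return -2;
    for (int i = 0; i < 4; i++) msg[i] = (uint8_t)(claimed >> (8 * i));
    memset(msg + 4, 'A', sent);
    return parse_client_name(msg, 4 + sent, name);
}

int main(void)
{
    printf("%d %d %d\n", check_sample(64, 64), check_sample(65, 65), check_sample(16, 4));
}
```

The second check matters as much as the first: a length that fits the buffer but exceeds the bytes actually received would otherwise read past the end of the message.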
This is some crappy proprietary firmware library for very low cost network devices. As TFA mentions, we can expect a lot more of these vulnerabilities in the "IoT".