Critical Vulnerability In NetUSB Driver Exposes Millions of Routers To Hacking

itwbennett writes: NetUSB, a service that lets devices connected over USB to a computer be shared with other machines on a local network or the Internet, is implemented in Linux-based embedded systems, such as routers, as a kernel driver. Once enabled, it opens a server that listens on TCP port 20005 for connecting clients. Security researchers from a company called Sec Consult found that if a connecting computer has a name longer than 64 characters, a stack buffer overflow is triggered in the NetUSB service. The advisory notice has a list of affected routers.

DD-WRT / other open source router software?

[Bovius]

The advisory focuses on hardware brands - doesn't mention anything about aftermarket software. Anyone know?

Re:Who needed it?

[amorsen]

Seriously. NetUSB? On a router? WHY the devil would I want that?

Printer sharing. A problem that was solved well in the 80's and since re-solved slightly worse every few years. It is difficult to imagine a worse way than NetUSB, but I am sure there are developers out there with a better imagination than mine.