Critical Vulnerability In NetUSB Driver Exposes Millions of Routers To Hacking

Posted by Soulskill on Wednesday May 20, 2015 @03:51AM from the it's-not-even-another-day-yet dept.

itwbennett writes: NetUSB, a service that lets devices connected over USB to a computer be shared with other machines on a local network or the Internet, is implemented in Linux-based embedded systems, such as routers, as a kernel driver. Once enabled, it opens a server that listens on TCP port 20005 for connecting clients. Security researchers from a company called Sec Consult found that if a connecting computer has a name longer than 64 characters, a stack buffer overflow is triggered in the NetUSB service. The advisory notice has a list of affected routers.

2 of 70 comments (clear)

Min score:

Reason:

Sort:

NOT a kernel bug by Lost+Race · 2015-05-20 04:09 · Score: 5, Informative

This is some crappy proprietary firmware library for very low cost network devices. As TFA mentions, we can expect a lot more of these vulnerabilities in the "IoT".
DD-WRT / other open source router software? by Bovius · 2015-05-20 04:11 · Score: 5, Interesting

The advisory focuses on hardware brands - doesn't mention anything about aftermarket software. Anyone know?