Millions Of Routers Vulnerable To Attacks Due To NetUSB Bug
A serious vulnerability affecting the NetUSB kernel driver developed by Taiwan-based tech company KCodes exposes millions of routers to hack attacks, researchers have warned. According to its website, KCodes is one of the leading developers and suppliers of USB over IP solutions. The company says over 20% of the world's networking devices include KCodes technology.
The NetUSB (USB over IP) kernel driver developed by the company is designed to allow users to connect over their network to USB devices plugged into a router, access point, or other Linux-based embedded system. Users can access speakers, printers, hard drives, webcams and other USB devices by connecting to a NetUSB server via the Windows or OS X client.
Researchers at SEC Consult discovered that the NetUSB driver is plagued by a kernel stack buffer overflow vulnerability (CVE-2015-3036) that can be exploited by an unauthenticated attacker to execute arbitrary code or cause a denial-of-service (DoS) condition. The flaw, caused by insufficient input validation, can be triggered by specifying a computer name that is longer than 64 characters when the client connects to the server.
KCodes’ NetUSB driver is integrated into products from several vendors, including Netgear, TP-Link, ZyXEL, and TRENDnet. The feature is advertised with various names, such as “print sharing,” “USB share port” and “ReadySHARE.”
SEC Consult has confirmed that the vulnerability affects the latest firmware versions for TP-Link TL-WDR4300 V1, TP-Link WR1043ND v2, and Netgear WNDR4500. Researchers also identified the NetUSB feature in tens of router models from D-Link, Netgear, TP-Link, TRENDnet, and ZyXEL.
Furthermore, a component of the driver makes references to a total of 26 vendors that have likely licensed the NetUSB technology. The list includes Allnet, Ambir Technology, AMIT, Asante, Atlantis, Corega, Digitus, EDIMAX, Encore Electronics, Engenius, Etop, Hardlink, Hawking, IOGEAR, LevelOne, Longshine, PCI, PROLiNK, Sitecom, Taifa, and Western Digital.
The vulnerability can be exploited by an attacker on the local network, but in some cases exploitation over the Internet might also be possible through TCP port 20005, the port used by the server for client connections.
“While NetUSB was not accessible from the internet on the devices we own, there is some indication that a few devices expose TCP port 20005 to the internet. We don’t know if this is due to user misconfiguration or the default setting within a specific device. Exposing NetUSB to the internet enables attackers to get access to USB devices of potential victims and this would actually count as another vulnerability,” SEC Consult wrote in a blog post.
SEC Consult informed KCodes of the existence of the vulnerability in February, but so far the vendor has failed to properly communicate the status of a patch.
The security firm said that it hasn't heard from KCodes since March 25, but it has learned that Netgear and TP-Link received patches for their firmware from the developer. Vendors can't address the bug without the patch from KCodes, SEC Consult noted.
“To this day, only TP-LINK released fixes for the vulnerability and provided a release schedule for about 40 products. Sometimes NetUSB can be disabled via the web interface, but at least on NETGEAR devices this does not mitigate the vulnerability. NETGEAR told us, that there is no workaround available, the TCP port can't be firewalled nor is there a way to disable the service on their devices,” SEC Consult said.
Senior Member
Posts: 3406
Joined: 2013-03-10
Another good example of the famous Asian customer support: No comment from the manufacturer months after the flaw was exposed.
Senior Member
Posts: 337
Joined: 2004-08-29
So this doesn't affect any of the "big boys" (D-Link, Netgear, e.g.)?
Senior Member
Posts: 15616
Joined: 2010-09-12
Yes.. There's a list floating around showing which models are vulnerable.
Senior Member
Posts: 8879
Joined: 2010-08-28
Here is the list with some more info.
Sadly enough my Netgear R7000 is in there as well.
=======================================================================
title: Kernel Stack Buffer Overflow
product: KCodes NetUSB
vulnerable version: see Vulnerable / tested versions
fixed version: see Solution
CVE number: CVE-2015-3036, VU#177092
impact: Critical
homepage: http://www.kcodes.com/
found: 2015-02-23
by: Stefan Viehböck (Office Vienna)
SEC Consult Vulnerability Lab
An integrated part of SEC Consult
Berlin - Frankfurt/Main - Montreal - Singapore
Vienna (HQ) - Vilnius - Zurich
https://www.sec-consult.com
=======================================================================
Vendor description:
-------------------
"The world's premier technology provider of mobile printing, audio and
video communication, file sharing, and USB applications for iPhones,
iPads, smart phones and tablets (Android and Windows), MacBooks, and
Ultrabooks."
Source: http://www.kcodes.com/
Vulnerability overview/description:
-----------------------------------
NetUSB suffers from a remotely exploitable kernel stack buffer overflow.
Because of insufficient input validation, an overly long computer name can be
used to overflow the "computer name" kernel stack buffer. This results in
memory corruption which can be turned into arbitrary remote code execution.
Furthermore, a more detailed summary of this advisory has been published at our
blog: http://blog.sec-consult.com
Proof of concept:
-----------------
Below is an excerpt from the vulnerable run_init_sbus() function (pseudo code):
int len;
int computername_len;
char computername_buf[64];   // fixed-size kernel stack buffer
// connection initiation, handshake
len = ks_recv(sock, &computername_len, 4, 0);   // length is read from the client and used as-is
// ...
len = ks_recv(sock, computername_buf, computername_len, 0); // boom!
A proof of concept "netusb_bof.py" has been developed which exploits the
vulnerability. The PoC DoS exploit will not be published as many vendors
did not patch the vulnerability yet.
Example use that results in denial-of-service (kernel memory corruption that
results in a device reboot):
./netusb_bof.py 192.168.1.1 20005 500
Vulnerable / tested versions:
-----------------------------
The vulnerability has been verified to exist in most recent firmware versions
of the following devices:
TP-Link TL-WDR4300 V1
TP-Link WR1043ND v2
NETGEAR WNDR4500
Furthermore we've identified NetUSB in the most recent firmware version of the
following products (list is not necessarily complete!):
D-Link DIR-615 C
NETGEAR AC1450
NETGEAR CENTRIA (WNDR4700/4720)
NETGEAR D6100
NETGEAR D6200
NETGEAR D6300
NETGEAR D6400
NETGEAR DC112A
NETGEAR DC112A (Zain)
NETGEAR DGND4000
NETGEAR EX6200
NETGEAR EX7000
NETGEAR JNR3000
NETGEAR JNR3210
NETGEAR JR6150
NETGEAR LG6100D
NETGEAR PR2000
NETGEAR R6050
NETGEAR R6100
NETGEAR R6200
NETGEAR R6200v2
NETGEAR R6220
NETGEAR R6250
NETGEAR R6300v1
NETGEAR R6300v2
NETGEAR R6700
NETGEAR R7000
NETGEAR R7500
NETGEAR R7900
NETGEAR R8000
NETGEAR WN3500RP
NETGEAR WNDR3700v5
NETGEAR WNDR4300
NETGEAR WNDR4300v2
NETGEAR WNDR4500
NETGEAR WNDR4500v2
NETGEAR WNDR4500v3
NETGEAR XAU2511
NETGEAR XAUB2511
TP-LINK Archer C2 V1.0 (Fix planned before 2015/05/22)
TP-LINK Archer C20 V1.0 (Not affected)
TP-LINK Archer C20i V1.0 (Fix planned before 2015/05/25)
TP-LINK Archer C5 V1.2 (Fix planned before 2015/05/22)
TP-LINK Archer C5 V2.0 (Fix planned before 2015/05/30)
TP-LINK Archer C7 V1.0 (Fix planned before 2015/05/30)
TP-LINK Archer C7 V2.0 (Fix already released)
TP-LINK Archer C8 V1.0 (Fix planned before 2015/05/30)
TP-LINK Archer C9 V1.0 (Fix planned before 2015/05/22)
TP-LINK Archer D2 V1.0 (Fix planned before 2015/05/22)
TP-LINK Archer D5 V1.0 (Fix planned before 2015/05/25)
TP-LINK Archer D7 V1.0 (Fix planned before 2015/05/25)
TP-LINK Archer D7B V1.0 (Fix planned before 2015/05/31)
TP-LINK Archer D9 V1.0 (Fix planned before 2015/05/25)
TP-LINK Archer VR200v V1.0 (Fix already released)
TP-LINK TD-VG3511 V1.0 (End-Of-Life)
TP-LINK TD-VG3631 V1.0 (Fix planned before 2015/05/30)
TP-LINK TD-VG3631 V1.0 (Fix planned before 2015/05/31)
TP-LINK TD-W1042ND V1.0 (End-Of-Life)
TP-LINK TD-W1043ND V1.0 (End-Of-Life)
TP-LINK TD-W8968 V1.0 (Fix planned before 2015/05/30)
TP-LINK TD-W8968 V2.0 (Fix planned before 2015/05/30)
TP-LINK TD-W8968 V3.0 (Fix planned before 2015/05/25)
TP-LINK TD-W8970 V1.0 (Fix planned before 2015/05/30)
TP-LINK TD-W8970 V3.0 (Fix already released)
TP-LINK TD-W8970B V1.0 (Fix planned before 2015/05/30)
TP-LINK TD-W8980 V3.0 (Fix planned before 2015/05/25)
TP-LINK TD-W8980B V1.0 (Fix planned before 2015/05/30)
TP-LINK TD-W9980 V1.0 (Fix already released)
TP-LINK TD-W9980B V1.0 (Fix planned before 2015/05/30)
TP-LINK TD-WDR4900 V1.0 (End-Of-Life)
TP-LINK TL-WR1043ND V2.0 (Fix planned before 2015/05/30)
TP-LINK TL-WR1043ND V3.0 (Fix planned before 2015/05/30)
TP-LINK TL-WR1045ND V2.0 (Fix planned before 2015/05/30)
TP-LINK TL-WR3500 V1.0 (Fix planned before 2015/05/22)
TP-LINK TL-WR3600 V1.0 (Fix planned before 2015/05/22)
TP-LINK TL-WR4300 V1.0 (Fix planned before 2015/05/22)
TP-LINK TL-WR842ND V2.0 (Fix planned before 2015/05/30)
TP-LINK TL-WR842ND V1.0 (End-Of-Life)
TP-LINK TX-VG1530(GPON) V1.0 (Fix planned before 2015/05/31)
Trendnet TE100-MFP1 (v1.0R)
Trendnet TEW-632BRP (A1.0R)
Trendnet TEW-632BRP (A1.1R/A1.2R)
Trendnet TEW-632BRP (A1.1R/A1.2R/A1.3R)
Trendnet TEW-634GRU (v1.0R)
Trendnet TEW-652BRP (V1.0R)
Trendnet TEW-673GRU (v1.0R)
Trendnet TEW-811DRU (v1.0R)
Trendnet TEW-812DRU (v1.0R)
Trendnet TEW-812DRU (v2.xR)
Trendnet TEW-813DRU (v1.0R)
Trendnet TEW-818DRU (v1.0R)
Trendnet TEW-823DRU (v1.0R)
Trendnet TEW-MFP1 (v1.0R)
Zyxel NBG-419N v2
Zyxel NBG4615 v2
Zyxel NBG5615
Zyxel NBG5715
Based on information embedded in KCodes drivers we believe the following
vendors are affected:
Allnet
Ambir Technology
AMIT
Asante
Atlantis
Corega
Digitus
D-Link
EDIMAX
Encore Electronics
Engenius
Etop
Hardlink
Hawking
IOGEAR
LevelOne
Longshine
NETGEAR
PCI
PROLiNK
Sitecom
Taifa
TP-LINK
TRENDnet
Western Digital
ZyXEL
Vendor contact timeline:
------------------------
2015-02-28: Contacting vendor through support@kcodes.com
2015-03-04: No response, contacting various KCodes addresses found on the web.
2015-03-05: Vendor responds, requests more information.
2015-03-05: Providing advisory and proof of concept exploit.
2015-03-16: No response, requesting status update.
2015-03-16: Vendor responds, asks about fix verification(?)
2015-03-16: Requesting clarification about fixing status and information about
next steps. Proposing conference call dates.
2015-03-19: No response, informing that notification of CERT/CC and selected
vendors will start shortly. Requesting clarification about fixing
status and information about next steps again.
2015-03-19: Vendor responds, confirms conference call date (2015-03-25). No
further information provided.
2015-03-19: Providing advisory and proof of concept exploit to TP-LINK and
NETGEAR.
2015-03-25: Vendor cancels conference call on short notice (sudden week-long
business trip).
2015-03-26: Asking for support of CERT/CC regarding vendor coordination.
2015-03 - 2015-05: Coordination between CERT & vendors, NETGEAR and TP-LINK
2015-05-13: Notifying German CERT-Bund and Austrian CERT.at
2015-05-19: Coordinated release of security advisory
Solution:
---------
TP-LINK has started releasing fixed firmware. The status of affected products
can be found in the affected product list above.
For additional information also see CERT/CC vulnerability notice:
http://www.kb.cert.org/vuls/id/177092
Workaround:
-----------
Sometimes NetUSB can be disabled via the web interface, but at least on NETGEAR
devices this does not mitigate the vulnerability. NETGEAR told us, that there is
no workaround available, the TCP port can't be firewalled nor is there a way to
disable the service on their devices.
Advisory URL:
-------------
https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SEC Consult Vulnerability Lab
SEC Consult
Berlin - Frankfurt/Main - Montreal - Singapore - Vienna (HQ) - Vilnius - Zurich
About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It
ensures the continued knowledge gain of SEC Consult in the field of network
and application security to stay ahead of the attacker. The SEC Consult
Vulnerability Lab supports high-quality penetration testing and the evaluation
of new offensive and defensive technologies for our customers. Hence our
customers obtain the most current information about vulnerabilities and valid
recommendation about the risk profile of new technologies.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mail: research at sec-consult dot com
Web: https://www.sec-consult.com
Blog: http://blog.sec-consult.com
Twitter: https://twitter.com/sec-consult
EOF Stefan Viehböck / @2015
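As an added illustration (not code from the advisory, from KCodes, or from any vendor firmware), the C below shows a hardened form of the length handling in the run_init_sbus() excerpt quoted above, run against a constructed byte stream instead of a real socket. stream_t, stream_recv(), check_message() and build_message() are stand-ins I assume for the driver's socket and ks_recv(); the 4-byte host-order length mirrors the pseudo code's raw 4-byte read, and the 64-byte buffer is the size named in the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COMPUTERNAME_MAX 64   /* size of the stack buffer named in the advisory */
/* Stand-in for a socket: a constructed byte stream consumed in order. */
typedef struct { const uint8_t *data; size_t len, pos; } stream_t;
/* Replacement for ks_recv(): copy exactly n bytes or fail on a short read. */
static int stream_recv(stream_t *s, void *dst, size_t n) {
    if (s->len - s->pos < n) return -1;   /* truncated or early-closed connection */
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return (int)n;
}

/* Hardened form of the run_init_sbus() excerpt: the original passed the
 * client-supplied length straight to recv() on a 64-byte stack buffer. Here it
 * is unsigned, bounded by the buffer, and the read itself is checked.
 * Returns the name length, or -1 on any protocol violation. */
int read_computername(stream_t *s, char *out, size_t out_cap) {
    uint32_t name_len;                     /* unsigned: no "negative" length can pass */
    if (stream_recv(s, &name_len, sizeof name_len) != (int)sizeof name_len) return -1;
    if (name_len >= out_cap) return -1;    /* leave room for the terminating NUL */
    if (stream_recv(s, out, name_len) != (int)name_len) return -1;
    out[name_len] = '\0';
    return (int)name_len;
}
/* Parse one client message into a 64-byte buffer; returns name length or -1. */
int check_message(const uint8_t *msg, size_t msg_len) {
    char computername_buf[COMPUTERNAME_MAX];
    stream_t s = { msg, msg_len, 0 };
    return read_computername(&s, computername_buf, sizeof computername_buf);
}
/* Build a constructed message: 4-byte host-order length, then the name bytes.
 * The length field is written separately so that it can lie, like the PoC does. */
size_t build_message(uint8_t *buf, uint32_t claimed_len, const char *name, size_t n) {
    memcpy(buf, &claimed_len, sizeof claimed_len);
    memcpy(buf + sizeof claimed_len, name, n);
    return sizeof claimed_len + n;
}
int main(void) {
    uint8_t buf[600]; char big[500]; memset(big, 'A', sizeof big);
    size_t n = build_message(buf, 8, "WORKSTN1", 8);
    printf("8-byte name   -> %d\n", check_message(buf, n));  /* 8: accepted */
    n = build_message(buf, 500, big, sizeof big);            /* PoC-style 500 */
    printf("500-byte name -> %d\n", check_message(buf, n));  /* -1: rejected */
    return 0;
}
```

The rejected cases are the ones the advisory's PoC relies on: a claimed length larger than the buffer, a length that would be negative as a signed int, and a length that exceeds what the client actually sent.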
Senior Member
Posts: 586
Joined: 2008-06-20
Error
This story does not exist
Hilbert, please check the page\link