Security flaw in driver commonly found on routers could compromise connected hardware

Publicada por caddesigner on quinta-feira, 21 de maio de 2015 / Etiquetas: ,

A security flaw that affects a wide range of different routers from a number of different manufacturers could allow attackers to remotely execute code that compromises connected devices.

Reported by SEC Consult, the problem revolves around a technology called NetUSB from Taiwanese manufacturer KCodes that allows plug-and-play ‘USB over IP‘ functionality.

Essentially, NetUSB allows any USB device plugged directly into a router to be available to other devices, so that could be printer, external hard drive, USB storage key, etc. In order for Windows or Mac machines to access the devices plugged into a router, there’s a client-side driver for USB over IP too.

Easy access

SEC Consult’s investigation found that the routers could be compromised by running a stack buffer overflow attack, simply by specifying the name of a computer as longer than 64 characters. This could then allow attackers to execute arbitrary code or access devices plugged into the router.

“By specifying a name longer than 64 characters, the stack buffer overflows when the computer name is received from the socket. Easy as pie, the ‘90s are calling and want their vulns back, stack buffer overflow. All the server code runs in kernel mode, so this is a “rare” remote kernel stack buffer overflow,” the report says.

The researchers also note that while NetUSB was not accessible from the internet on any of the devices it tested, there is an indication that some expose the port (20005) that it uses to the outside world, obviously thereby opening connected devices up to attack.

More than 90 routers from a range of vendors were documented as containing the NetUSB driver. We’ve contacted D-Link, Netgear, TP-Link and TrendNet to see if a patch is due to roll out and when that might happen. We’re yet to receive any responses, however, SEC Consult said that TP-Link has already released some fixes for the vulnerability and will provide a rollout schedule for around 40 different products.

➤ KCodes NetUSB: How a Small Taiwanese Software Company Can Impact the Security of Millions of Devices Worldwide [SEC Consult via ArsTechnica]

Read next: There’s a new problem with SSL called “Logjam”, here’s what you need to know



from jushiung1 http://feedproxy.google.com/~r/TheNextWeb/~3/jUDu6rKZrUY/
via IFTTT

0 comentários:

Enviar um comentário