Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2015-3036

Published: 21/05/2015 Updated: 08/12/2016
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Kcodes

Vulnerability Summary

Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote malicious users to execute arbitrary code by providing a long computer name in a session on TCP port 20005.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

kcodes netusb -

Exploits

Exploit DB: NetUSB Stack Buffer Overflow
NetUSB stack buffer overflow denial of service exploit ...
Exploit DB: Linux/MIPS Kernel 2.6.36 - 'NetUSB' Remote Code Execution
#!/usr/bin/env python # Source: haxxin/blasty-vs-netusbpy # # CVE-2015-3036 - NetUSB Remote Code Execution exploit (Linux/MIPS) # =========================================================================== # This is a weaponized exploit for the NetUSB kernel vulnerability # discovered by SEC Consult Vulnerability Lab [1] # # I don't li ...
Exploit DB: NetUSB - Kernel Stack Buffer Overflow
#!/usr/bin/env python # -*- coding: utf-8 -*- # Exploit Title: NetUSB Kernel Stack Buffer Overflow # Date: 9/10/15 # Exploit Author: Adrian Ruiz Bermudo # Vendor Homepage: wwwkcodescom/ # Version: Multiple: wwwsec-consultcom/fxdata/seccons/prod/temedia/advisories_txt/20150519-0_KCodes_NetUSB_Kernel_Stack_Buffer_Overflow_v10txt # ...

Github Repositories

https://github.com/pandazheng/MiraiSecurity

Mirai

MiraiSecurity Mirai wwwcdxyme/?p=746 wwwfreebufcom/articles/network/119403html pastebincom/svH8tvd9 wwwfreebufcom/sectool/130091html wwwtuicoolcom/articles/qM7rMnb h4ckth4tsh1tcom/indexphp?u=/topic/18/ggsetup-a-mirai-botnet githubcom/rootblack45/Mirai-Source-Modded githubcom/Screamfox/-Mirai-Iot-BotNet

https://github.com/Leproide/TD-W8970-NetUSB-Fix-v1-

Fix NetUSB Bug for TD-W8970 v1 - Firmware Version: 0.6.0 2.14 v000c.0 Build 150619 Rel.50856n

TD-W8970-NetUSB-Fix-v1- Fix NetUSB Bug for TD-W8970 v1 - Firmware Version: 060 214 v000c0 Build 150619 Rel50856n A serious vulnerability affecting the NetUSB kernel driver developed by Taiwan-based tech company KCodes exposes millions of routers to hack attack Researchers at SEC Consult discovered that the NetUSB driver is plagued by a kernel stack buffer overflow vulnera

https://github.com/funsecurity/NetUSB-exploit

Exploit KCodes NetUSB | Kernel Stack Buffer Overflow | Denial of Service (DoS) Exploit para explotar la vulnerabilidad CVE-2015-3036 Found by: Stefan Viehböck (Office Vienna) | SEC Consult Vulnerability Lab | wwwsec-consultcom Exploit author: Adrián Ruiz Bermudo | @funsecurity | wwwfunsecuritynet Advisory: wwwsec-consultcom/fxdata/secco

Recent Articles

'Millions' of routers open to absurdly outdated NetUSB hijack
The Register • Darren Pauli • 20 May 2015

Vulnerability may allow ne'er-do-wells to access the 1990s

SEC Consult Vulnerability Lab Stefan Viehböck says potentially millions of routers and internet of things devices using KCodes NetUSB could be exposed to remote hijacking or denial of service attacks. The packet fondler says the vulnerability (CVE-2015-3036) hits the Linux kernel module in scores of popular routers which serves to provide network access over TCP port 20005 to USB devices plugged into routers such as printers and external hard drives. Viehböck says the vulnerability triggered b...

Read more...

References

CWE-119http://www.kb.cert.org/vuls/id/177092https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150519-0_KCodes_NetUSB_Kernel_Stack_Buffer_Overflow_v10.txthttp://blog.sec-consult.com/2015/05/kcodes-netusb-how-small-taiwanese.htmlhttp://packetstormsecurity.com/files/131987/KCodes-NetUSB-Buffer-Overflow.htmlhttp://www.securityfocus.com/bid/74724http://seclists.org/fulldisclosure/2015/May/74http://www.securitytracker.com/id/1032377https://www.exploit-db.com/exploits/38566/http://packetstormsecurity.com/files/133919/NetUSB-Stack-Buffer-Overflow.htmlhttp://seclists.org/fulldisclosure/2015/Oct/50https://www.exploit-db.com/exploits/38454/https://nvd.nist.govhttps://www.theregister.co.uk/2015/05/20/netusb_router_fail/https://github.com/pandazheng/MiraiSecurityhttps://www.exploit-db.com/exploits/38454/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975CVE-2024-2961CVE-2024-20380XML injectionHTML injectionCVE-2024-29204CVE-2023-51795memory leakCVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook