Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote malicious users to execute arbitrary code by providing a long computer name in a session on TCP port 20005.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kcodes netusb - |
Vulnerability may allow ne'er-do-wells to access the 1990s
SEC Consult Vulnerability Lab Stefan Viehböck says potentially millions of routers and internet of things devices using KCodes NetUSB could be exposed to remote hijacking or denial of service attacks. The packet fondler says the vulnerability (CVE-2015-3036) hits the Linux kernel module in scores of popular routers which serves to provide network access over TCP port 20005 to USB devices plugged into routers such as printers and external hard drives. Viehböck says the vulnerability triggered b...