Security researchers discovered an amateurish security flaw in NetUSB, a Linux kernel driver commonly found in home routers. The driver allows computers to connect to USB devices over a network, but security firm SEC Consult Vulnerability Lab discovered that a simple buffer overflow bug in the driver can be used to crash the router or remotely execute code.
NetUSB is commonly found on home routers, and not all of them let the end user disable the feature. The bug is present in Netgear, TP-Link, Trendnet, and ZyXEL devices. Ars Technica writes that at least 92 products are affected, including many current-generation models. Millions of routers are affected by the bug; a list of devices confirmed to be vulnerable can be found here.
In its write-up of the bug, the researchers described the issue as something of a throwback, writing "the '90s are calling and want their vulns back, stack buffer overflow." Simple stack buffer overflows in widely deployed software are relatively unusual these days, as developers have become somewhat more conscious of the danger they represent. But clearly not every developer has got the message yet.
SEC examined firmware for many SOHO routers, finding the flawed code in products from D-Link, Netgear, TP-Link, Trendnet, and ZyXEL. 92 different products, including many current-generation models, were found to include the bad code (a full list is available in the advisory). A further 21 other vendors also appear to ship NetUSB products; SEC did not check those vendors' firmware, so the dangerous driver is likely to be found in more than just those 92 devices. SEC estimates that millions of devices are affected.