DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
December 12, 2017 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 76 people online.

 

Latest Reviews
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
 

Follow us
RSS
 

NetUSB vulnerability present in millions of routers

Posted on Thursday, May 21 2015 @ 14:30:17 CEST by


Security researchers discovered an amateurish security flaw in NetUSB, a Linux kernel drive commonly found in home routers. The driver allows computers to connect to USB devices or a network but security firm SEC Consult Vulnerability Lab discovered that a simple buffer overflow bug in the driver can be used to crash the router or remotely execute code.

NetUSB is commonly found on home routers, and not all of them enable the end-user to disable the feature. The bug is present in Netgear, TP-Link, Trendnet, and ZyXEL devices. ARS Technica writes at least 92 products are affected, including many current-generation models. Millions of routers are affected by the bug, a list of devices confirmed to be vulnerable can be found over here.
In its write up of the bug, the researchers described the issue as something of a throwback, writing "the '90s are calling and want their vulns back, stack buffer overflow." Simple stack buffer overflows in widely-deployed software are these days relatively unusual, as developers have become somewhat more conscientious of the danger they represent. But clearly not every developer has got the message yet.

SEC examined firmware for many SOHO routers, finding the flawed code in products from D-Link, Netgear, TP-Link, Trendnet, and ZyXEL. 92 different products, including many current generation models, were found to include the bad code (a full list is available in the advisory. A further 21 other vendors also appear to ship NetUSB products; SEC did not check those vendors' firmwares, so the dangerous driver is likely to be found in more than just those 92 devices. SEC estimates that millions of devices are affected.




 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2017 DM Media Group bvba