Router is one of the main component used in networking that helps in routing the packets and also in establishing the connection between devices and the Internet. Recently there has been a vulnerability revealed that makes millions of routers vulnerable.
The new security vulnerability assigned #CVE-2015-3036 is a remotely exploitable kernel level buffer overflow attack resides in Taiwan-based KCodes NetUSB.
#NetUSB is a linux kernel module that allows for users to flash drives, plug printers and other USB connected devices into the routers so that they can be accessed over the local network.
A security consultant carried out its analysis of thee NetUSB driver on a TP-Link device and he requires an authentication key based on AES encryption but it is of no use because the key resides in both the kernel device and the client software for Windows and OS X.
A NetUSB service code runs in kernel mode, an attacker within the local network can easily exploit this vulnerability to gain ability to remotely execute malicious code at the kernel level.
An attacker if exploit the vulnerability can crash the device and make the device to implant a malware in any device connected to that router. The vulnerability will be triggered when a client sends the computer name to the server deployed on the networking device (TCP port 20005) for establishing the connection.
The affected vendors are D-Link, TP-Link, ZyXEL, Netgear, TrendNet, Western Digital and many more. Proof of concept has been provided to the vendors and there has been no news about the patch.
TP-Link provided the patch for the vulnerability and released patch for 40 products and Netgear is yet to release a patch. Users are recommended to check for the firmware update and update it once the patch has been released by the vendors.
P.S : The post is to create awareness and not to be misused.
No comments:
Post a Comment