Posted on 05/21/2015 10:39:51 PM PDT by Utilizer
...
Networking device manufacturers ZyXEL Communications and Netgear have confirmed that some of their routers are affected by a recently disclosed vulnerability in a USB device-sharing service called NetUSB.
ZyXEL will begin issuing firmware updates in June, while Netgear plans to start releasing patches in the third quarter of the year.
The vulnerability, tracked as CVE-2015-3036, is located in a Linux kernel module called NetUSB that's commonly used in routers and other embedded devices. The module is developed by a Taiwan-based company called KCodes Technology and allows routers to share USB devices with other computers via the Internet Protocol (IP).
Researchers from a company called Sec Consult found a buffer overflow vulnerability in the NetUSB service, which listens for connecting clients on TCP port 20005. The vulnerability can be exploited to execute malicious code on vulnerable devices with the highest possible privilege, leading to a complete compromise.
Based on firmware scans, the Sec Consult researchers believe that over 90 products from D-Link, Netgear, TP-Link, Trendnet and ZyXEL are likely vulnerable. Products from 21 other vendors might be affected as well.
(Excerpt) Read more at computerworld.com ...
More info, ping...
And then that will need a fix...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.