CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
97.3%
Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a long computer name in a session on TCP port 20005.
blog.sec-consult.com/2015/05/kcodes-netusb-how-small-taiwanese.html
packetstormsecurity.com/files/131987/KCodes-NetUSB-Buffer-Overflow.html
packetstormsecurity.com/files/133919/NetUSB-Stack-Buffer-Overflow.html
seclists.org/fulldisclosure/2015/May/74
seclists.org/fulldisclosure/2015/Oct/50
www.kb.cert.org/vuls/id/177092
www.securityfocus.com/bid/74724
www.securitytracker.com/id/1032377
www.exploit-db.com/exploits/38454/
www.exploit-db.com/exploits/38566/
www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150519-0_KCodes_NetUSB_Kernel_Stack_Buffer_Overflow_v10.txt