Remote overflow vulnerability disclosed in the NetUSB router driver component, affecting millions of network devices from D-Link, NETGEAR, TP-LINK, etc. - Vulnerability Warning - Black Bar Security Net

2015-05-23T00:00:00
ID MYHACK58:62201562768
Type myhack58
Reporter Anonymous
Modified 2015-05-23T00:00:00

Description

NetUSB, an important driver component in routers from well-known vendors such as D-Link, NETGEAR and TP-LINK, has been found to contain a serious remote overflow vulnerability that affects millions of routers and embedded devices.

NetUSB technology

NetUSB is a technology developed by the Taiwanese company KCodes, designed to provide USB functionality on devices. It relies on a Linux kernel driver that starts a server, which communicates with client software running on Windows or OS X computers. This feature lets users connect USB devices such as printers and hard disk drives. Different vendors give it different names, including “ReadySHARE”, “USB share port” and “print share”.

Vulnerability description

This vulnerability was submitted by Stefan Viehböck, a researcher at the Austrian security company SEC Consult, and has the identifier CVE-2015-3036. It can be triggered when a client sends its computer name to the server on the network device over TCP port 20005, once the connection to that port has been established. If the computer name sent by the client is longer than 64 characters, an overflow occurs on devices containing the NetUSB module, corrupting memory.

On Thursday, a SEC Consult statement said:

“Because of insufficient validation on the server side, an overly long computer name can be exploited by attackers to carry out a kernel overflow attack, which may ultimately evolve into a remote code execution attack or a DoS attack.”

How does the vulnerability arise?

SEC Consult researchers demonstrated the exploitation process of the NetUSB driver on a TP-Link device. First, establishing a connection between the client and the server requires authentication with an AES key. However, the researchers say this authentication can be bypassed, because the AES key is present both in the kernel driver and in the Windows and OS X clients.
“In this vulnerability, the NetUSB server code runs in kernel mode, so this is a ‘rare’ remote overflow attack.”

Vulnerability impact

Because the NetUSB service code runs in kernel mode, the flaw is especially dangerous: an attacker who exploits it can easily execute malicious code remotely at kernel level and take over the most critical functions of routers and other network devices. In other words, an attacker can control the network device with high privileges, whether to take down the device's kernel module or to use the device as a man in the middle and install malicious software on victims' computers.

Affected vendors

SEC Consult believes that devices from the following vendors that integrate the NetUSB driver from KCodes may be affected by the vulnerability: ALLNET, Ambir Technology, AMIT, Asante, Atlantis, Corega, Digitus, D-Link, EDIMAX, Encore Electronics, EnGenius, HawkingTechnology, IOGEAR, LevelOne, LONGSHINE, NETGEAR, PCI, PROLiNK, Sitecom, TP-LINK, TRENDnet, Western Digital, ZyXEL.

Vendor response

SEC Consult contacted KCodes several times in February and March, confirmed the vulnerability details and provided PoC code. However, the vulnerability has still not been patched. After disclosing the vulnerability details, SEC Consult repeatedly contacted TP-Link and NETGEAR, as well as a number of CERT bodies, to notify them of the vulnerability. So far, only TP-Link has provided a fix for this vulnerability, patching about 40 of its products; NETGEAR has not yet released a patch. Other vendors have not yet responded to the vulnerability.

Temporary solutions

The NetUSB service is enabled by default on all devices that contain the vulnerability; that is, the NetUSB service keeps running even when no USB device is connected.
On some vendors' devices, the user can turn this service off from the web management interface, or use a firewall to block port 20005 on the network device. However, on some vendors' equipment this is not possible.

“At least on NETGEAR devices, there is no temporary fix for this vulnerability. NETGEAR staff told us that TCP port 20005 cannot be blocked by the firewall, and there is no way to disable the NetUSB service on their devices.”

If your device is affected by this issue, keep a close eye on product updates in the near term and apply the patch as soon as possible, before an attack occurs.
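
The missing server-side validation described under “Vulnerability description”, shown as an added example that is not code from the original article, SEC Consult or KCodes: a receive-side parser that checks a client-supplied computer-name length against the 64-character limit before any copy takes place. The wire layout (a 4-byte little-endian length prefix) and the names `parse_computer_name` and `build_msg` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 64 /* limit given in the description above */
enum name_status { NAME_OK = 0, NAME_TRUNCATED = -1, NAME_TOO_LONG = -2 };

/* Assumed wire layout (hypothetical, not NetUSB's real format):
 * 4-byte little-endian length, then that many bytes of computer name.
 * out must hold NAME_MAX_LEN + 1 bytes. */
static enum name_status parse_computer_name(const uint8_t *msg, size_t msg_len,
                                            char *out)
{
    uint32_t declared;
    out[0] = '\0';
    if (msg_len < 4)
        return NAME_TRUNCATED;
    declared = (uint32_t)msg[0] | ((uint32_t)msg[1] << 8) |
               ((uint32_t)msg[2] << 16) | ((uint32_t)msg[3] << 24);
    /* Validate the client-supplied length before any copy happens. */
    if (declared > NAME_MAX_LEN)
        return NAME_TOO_LONG;
    /* The declared length must also fit in the bytes actually received. */
    if (declared > msg_len - 4)
        return NAME_TRUNCATED;
    memcpy(out, msg + 4, declared);
    out[declared] = '\0';
    return NAME_OK;
}

/* Builds a constructed test message; returns its total size. */
static size_t build_msg(uint8_t *buf, uint32_t declared, const char *name, size_t n)
{
    for (int i = 0; i < 4; i++)
        buf[i] = (uint8_t)(declared >> (8 * i));
    memcpy(buf + 4, name, n);
    return 4 + n;
}

int main(void)
{
    uint8_t buf[128];
    char name[NAME_MAX_LEN + 1], big[65];
    memset(big, 'A', sizeof big);
    printf("%d\n", (int)parse_computer_name(buf, build_msg(buf, 5, "HOST1", 5), name));
    printf("%d\n", (int)parse_computer_name(buf, build_msg(buf, 65, big, 65), name));
    return 0;
}
```

Rejecting the message on `NAME_TOO_LONG` or `NAME_TRUNCATED` and closing the connection keeps the fixed-size name buffer from ever being written past its end.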