Security Experts:

Connect with us

Hi, what are you looking for?



Router Vendors Working to Patch NetUSB Driver Vulnerability

Router manufacturers whose products have been confirmed to be affected by the recently disclosed NetUSB driver security flaw say they are working on developing firmware updates that address the vulnerability.

Router manufacturers whose products have been confirmed to be affected by the recently disclosed NetUSB driver security flaw say they are working on developing firmware updates that address the vulnerability.

SEC Consult revealed last week that millions of routers could be exposed to attacks due to a kernel stack buffer overflow vulnerability (CVE-2015-3036) in the NetUSB driver from KCodes. The driver in question allows users to connect to USB devices plugged into a router or access point over the network.

The vulnerability, caused by insufficient input validation, can be triggered by connecting to the server from a client with a computer name longer than 64 characters. An unauthenticated attacker can exploit the flaw to cause a denial-of-service (DoS) condition or execute arbitrary code. The bug can be exploited by an attacker who has access to the local network, but exploitation over the Internet might also be possible in some cases.

SEC Consult says it has found evidence that a total of 26 vendors use NetUSB. However, so far, the security hole has been confirmed to affect products from TP-Link, TRENDnet, ZyXEL, Netgear, and D-Link.

KCodes has failed to communicate with SEC Consult regarding the availability of a fix. However, the security firm has learned that the Taiwan-based tech company has started shipping patched versions of NetUSB to router vendors.

TP-Link started releasing fixes before SEC Consult disclosed the existence of the flaw. The other router vendors published advisories informing users of their intention to release firmware updates in the upcoming period.

TRENDnet says the vulnerability affects the following models: TEW-811DRU, TEW-812DRU, TEW-813DRU, TEW-818DRU, TEW-823DRU, and TEW-828DRU. The company hopes to release firmware updates for these devices in early June.

According to ZyXEL, the NetUSB vulnerability affects four of its products: Wireless N300 NetUSB Router (NBG-419N v2), Wireless N300 Gigabit NetUSB Router (NBG4615 v2), Simultaneous Dual-Band Wireless N750 Media Router (NBG5615), and Simultaneous Dual-Band Wireless N900 Media Router (NBG5715). ZyXEL expects to release firmware updates for these models in mid-June.

“ZyXEL is aware of the vulnerability to KCodes NetUSB on four of ZyXEL routers and assures our customers that the rest of ZyXEL products are not affected. ZyXEL has identified the root cause and a fix to the problem. We are now in the process of rebuilding the NetUSB modules on the affected routers,” ZyXEL said.

Netgear, which calls the vulnerable feature “ReadySHARE,” says it will start releasing firmware versions that address this issue in July. Until updates are available, the company advises customers to take steps to block unauthorized access to their network.

“By default NETGEAR routers are pre-configured with random SSID and passphrase. It is recommended to change the SSID and passphrase, as well as administrator password to the router setup GUI page. You can also block unauthorized device from the NETGEAR Genie App or desktop application by right-clicking on the unauthorized device in the Network Map,” Netgear said.

In its own advisory, D-Link noted that the company does not currently deploy products using the NetUSB driver from KCodes. “All D-Link routers that deploy Shareport Mobile or mydlink Shareport are not affected,” the company said.

However, there are a dozen D-Link router models that use the vulnerable component. The list includes DIR-628, DIR-632, DIR-655, DIR-685, DIR-825, DIR-855, DGL-4500, DAP-1350, and DHP-1320. Firmware updates for these devices are under development, D-Link said.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.


Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.