A critical leak in a component of the "USB over IP" feature causes millions of routers to be vulnerable, according to security company SEC Consult. The vulnerability resides in the NetUSB software of the Taiwanese Kcodes.
Through NetUSB it's possible to make USB devices like printers, external HDDs and USB sticks available to the internet on Linux based embedded systems like a router or accesspoint. This works by loading a Linux kernel driver that starts a server on port 20005. The feature was switched on by default on all devices that SEC Consult investigated.
Through the vulnerability an unauthenticated attacker can cause a buffer overflow on the local network, which in its turn causes a Denial or Service. In the worst case it's possible to execute random code on the router or accesspoint. Some devices make it possible for an attacker to remotely execute random code and taking over control of the device.
The vulnerability can be found in devices of many manufacturers including Netgear, TP-Link, ZyXel and D-Link and likely also in devices of Western Digital, Sitecom and Trendnet. The full overview of manufacturers can be found in this advisory.
Users are advised to install a firmware upgrade as soon as that comes available. Other solutions are blocking port 20005 and/or disabling the USB device sharing feature of the device.
