NetUSB suffers from a remotely exploitable kernel stack buffer overflow. Because of insufficient input validation, an overly long computer name can be used to overflow the "computer name" kernel stack buffer. This results in memory corruption which can be turned into arbitrary remote code execution.
How is this attack launched?
The attacker must first access your network by either connecting wirelessly or with a Ethernet connection to the router. If you have encrypted WiFi, an attacker’s ability to access your network and perform the hack is greatly reduced.
Discovered by SEC Consult
KCodes NetUSB Disclosure: Click here (hyperlink to: https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150519-0_KCodes_NetUSB_Kernel_Stack_Buffer_Overflow_v10.txt)
Update Date: 9/02/2015
Affected TRENDnet Products
|Model name||Hardware Version(s)||Firmware Version(s)||New Firmware to Fix Exploit|
|TEW-634GRU||V1.0R||1.01B220.127.116.11 and all previous versions||Product End Of Life (May, 2013)|
|TEW-673GRU||V1.0R||1.00b40 and all previous versions||Product End Of Life (January, 2013)|
|TEW-811DRU||V1.0R||18.104.22.168 and all previous versions||22.214.171.124|
|TEW-812DRU||V1.0R||126.96.36.199 and all previous versions||188.8.131.52|
|TEW-812DRU||V2.0R/V2.1R||184.108.40.206 and all previous versions||220.127.116.11|
|TEW-818DRU||V1.0R||18.104.22.168 and all previous versions||22.214.171.124|
|TEW-823DRU||V1.0R||1.01B02 and all previous versions||1.02B01|
|TE100-MFP1||v1.0R||1.045 and all previous versions||1.070.1|
|TEW-MFP1||V1.0R||1.045 and all previous versions||1.070.1|
|The following products were publish, by SEC Consult (link above), as vulnerable.|
|TEW-632BRP||Not vulnerable to vulnerability. KCodes not present in product.|
*Products not listed above are not, to TRENDnet's knowledge, vulnerable to the published vulnerability.