skip to main content
Router Security Advisory: Kcodes Netusb Kernel Stack Buffer Overflow

Overview:
NetUSB suffers from a remotely exploitable kernel stack buffer overflow. Because of insufficient input validation, an overly long computer name can be used to overflow the "computer name" kernel stack buffer. This results in memory corruption which can be turned into arbitrary remote code execution.

How is this attack launched?
The attacker must first access your network by either connecting wirelessly or with a Ethernet connection to the router. If you have encrypted WiFi, an attacker’s ability to access your network and perform the hack is greatly reduced.

References:
Discovered by SEC Consult
KCodes NetUSB Disclosure: Click here (hyperlink to: https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150519-0_KCodes_NetUSB_Kernel_Stack_Buffer_Overflow_v10.txt)

Update Date: 9/02/2015
Affected TRENDnet Products

Model name Hardware Version(s) Firmware Version(s) New Firmware to Fix Exploit
TEW-634GRU V1.0R 1.01B2.1.0.0 and all previous versions Product End Of Life (May, 2013)
TEW-673GRU V1.0R 1.00b40 and all previous versions Product End Of Life (January, 2013)
TEW-811DRU V1.0R 1.0.8.0 and all previous versions 1.0.10.0
TEW-812DRU V1.0R 1.0.14.0 and all previous versions 1.0.15.0
TEW-812DRU V2.0R/V2.1R 2.1.0.0 and all previous versions 2.1.1.0
TEW-813DRU V1.0R 1.01B05 1.02B01
TEW-818DRU V1.0R 1.0.11.0 and all previous versions 1.0.13.0
TEW-823DRU V1.0R 1.01B02 and all previous versions 1.02B01
TE100-MFP1 v1.0R 1.045 and all previous versions 1.070.1
TEW-MFP1 V1.0R 1.045 and all previous versions 1.070.1

The following products were publish, by SEC Consult (link above), as vulnerable.
TEW-632BRP Not vulnerable to vulnerability. KCodes not present in product.
TEW-652BRP
TEW-828DRU

*Products not listed above are not, to TRENDnet's knowledge, vulnerable to the published vulnerability.