Millions of routers and other embedded devices are affected by a serious vulnerability that could allow hackers to compromise them. The vulnerability is located in a service called NetUSB, which lets devices connected over USB to a computer be shared with other machines on a local network or the Internet via IP (Internet Protocol). The shared devices can be printers, webcams, thumb drives, external hard disks and more. NetUSB is implemented in Linux-based embedded systems, such as routers, as a kernel driver. Once enabled, it opens a server that listens on TCP port 20005 for connecting clients. Security researchers found that if a connecting computer has a name longer than 64 characters, a stack buffer overflow is triggered in the NetUSB service. If exploited, this kind of vulnerability can result in remote code execution or denial of service.
The information provided herein is on "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street