SecurityTracker.com
Category: Device (Router/Bridge/Hub) > NETGEAR Router
Vendors: NETGEAR
NETGEAR Router KCodes NetUSB Driver Buffer Overflow Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1032377
SecurityTracker URL: http://securitytracker.com/id/1032377
CVE Reference: CVE-2015-3036
Date: May 21 2015
Impact: Execution of arbitrary code via network, User access via network


Description:   A vulnerability was reported in multiple NETGEAR Routers. A remote user can execute arbitrary code on the target system.

A remote user can send a specially crafted computer name value via TCP port 20005 to trigger a stack-based buffer overflow in the run_init_sbus() function of the KCodes NetUSB driver (used by the NETGEAR ReadySHARE feature). This lets the remote user execute arbitrary code on the target system or cause the target system to reboot.

Other port numbers may also be affected.

The following model is affected:

NETGEAR WNDR4500

The following models may be affected:

NETGEAR AC1450
NETGEAR CENTRIA (WNDR4700/4720)
NETGEAR D6100
NETGEAR D6200
NETGEAR D6300
NETGEAR D6400
NETGEAR DC112A
NETGEAR DC112A (Zain)
NETGEAR DGND4000
NETGEAR EX6200
NETGEAR EX7000
NETGEAR JNR3000
NETGEAR JNR3210
NETGEAR JR6150
NETGEAR LG6100D
NETGEAR PR2000
NETGEAR R6050
NETGEAR R6100
NETGEAR R6200
NETGEAR R6200v2
NETGEAR R6220
NETGEAR R6250
NETGEAR R6300v1
NETGEAR R6300v2
NETGEAR R6700
NETGEAR R7000
NETGEAR R7500
NETGEAR R7900
NETGEAR R8000
NETGEAR WN3500RP
NETGEAR WNDR3700v5
NETGEAR WNDR4300
NETGEAR WNDR4300v2
NETGEAR WNDR4500
NETGEAR WNDR4500v2
NETGEAR WNDR4500v3
NETGEAR XAU2511
NETGEAR XAUB2511

The original advisory is available at:

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150519-0_KCodes_NetUSB_Kernel_Stack_Buffer_Overflow_v10.txt

Stefan Viehbock of SEC Consult Vulnerability Lab reported this vulnerability.

Impact: A remote user can execute arbitrary code on the target system.
Solution: No solution was available at the time of this entry.
Vendor URL: www.netgear.com/
Cause: Boundary error

Message History:   None.

