The technology behind a popular printer-sharing feature on many consumer- and professional-grade routers has been shown to be vulnerable to what the team behind the discovery is calling a 1990s-style stack buffer overflow attack.
NetUSB, developed by Taiwan-based KCodes, provides “USB over IP” and is implemented in many popular router brands.
As part of initiating a connection between computer and router, the client sends its computer name. The client, rather than the router, specifies the length of the computer name, so a client that sets the length to more than 64 characters overflows the stack buffer when the computer name is received.
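The length handling described above, shown as an added example that is not KCodes' code or part of the original article: the unchecked copy beside a bounds-checked one. The 4-byte little-endian length prefix and all function names are assumptions made for illustration; only the 64-character limit comes from the article.

```c
#include <stdint.h>
#include <string.h>

#define COMPUTER_NAME_MAX 64 /* limit named in the article */

/* Assumed framing (not NetUSB's real format): 4-byte LE length, then name. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Vulnerable pattern: copy length is taken straight from the client. */
int read_name_unchecked(const uint8_t *msg)
{
    char name[COMPUTER_NAME_MAX + 1];
    uint32_t n = rd_le32(msg);
    memcpy(name, msg + 4, n); /* n > 64 overruns the stack buffer */
    name[n] = '\0';
    return (int)strlen(name);
}

/* Hardened: check the claimed length against the destination buffer and
 * against the bytes actually received. Returns length, or -1 to reject. */
int read_name_checked(const uint8_t *msg, size_t msg_len,
                      char *name, size_t name_size)
{
    uint32_t n;
    if (msg_len < 4 || name_size == 0)
        return -1;
    n = rd_le32(msg);
    if (n > name_size - 1 || n > msg_len - 4)
        return -1;
    memcpy(name, msg + 4, n);
    name[n] = '\0';
    return (int)n;
}

/* Constructed sample: header claims `claimed` bytes, `sent` bytes follow. */
int try_sample(uint32_t claimed, size_t sent)
{
    uint8_t msg[4 + 256] = {0};
    char name[COMPUTER_NAME_MAX + 1];
    if (sent > 256) return -2;
    msg[0] = (uint8_t)claimed; msg[1] = (uint8_t)(claimed >> 8);
    msg[2] = (uint8_t)(claimed >> 16); msg[3] = (uint8_t)(claimed >> 24);
    memset(msg + 4, 'A', sent);
    return read_name_checked(msg, 4 + sent, name, sizeof name);
}
```

The second comparison in `read_name_checked` matters as much as the first: a length that fits the buffer but exceeds the bytes received would otherwise read past the end of the message.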
“Easy as a pie, the ‘90s are calling and want their vulns back, stack buffer overflow,” SEC Consult Vulnerability Lab wrote in its blog.
SEC said it initially discovered the vulnerability on a TP-LINK device, but subsequent investigations uncovered references to 26 vendors in the file NetUSB.inf. Firmware images downloaded from five popular manufacturers – D-Link, NETGEAR, TP-LINK, Trendnet and ZyXEL – revealed that 92 of the products contained NetUSB, including some of their latest models.
The NetUSB feature is referred to by various names, including ReadySHARE, print sharing and USB share port, and features prominently in the marketing of these products.
SEC said it has made repeated attempts to contact KCodes with little success, so it informed TP-LINK and NETGEAR directly and the other vendors via CERT/CC and other CERTs.
“Here we have another case that shows the sad state of embedded systems security. Because the same vendors are building the IoT devices of tomorrow, we will see a lot of this in the future,” SEC wrote in its blog.