Reply

R7500 Vulnerable to NetUSB Bug

Laszlo
Aspirant

R7500 Vulnerable to NetUSB Bug

Hello,

After reading this article, I got kind of worried as I use the R7500 as my primary defense:

'Researchers at SEC Consult discovered that the NetUSB driver is plagued by a kernel stack buffer overflow vulnerability (CVE-2015-3036) that can be exploited by an unauthenticated attacker to execute arbitrary code or cause a denial-of-service (DoS) condition.'

A little bit lower I see the statement: 'NETGEAR told us, that there is no workaround available, the TCP port can't be firewalled nor is there a way to disable the service on their devices'

Please fix this, I feel unprotected at the moment.

Cheers, Laszlo

Message 1 of 3
Babylon5
NETGEAR Employee Retired

Re: R7500 Vulnerable to NetUSB Bug

Take a look at this please;

http://kb.netgear.com/app/answers/detail/a_id/28393
____________________________
Working on behalf of Netgear
My name is Andy
Message 2 of 3
Laszlo
Aspirant

Re: R7500 Vulnerable to NetUSB Bug

Hi Andy,

Thank you for your swift response. It is good to read that NetGear is working on a fix to deal with this.

It is a bit strange that not all devices affected are mentioned. For other readers, refer to: https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150519-0_KCodes_NetUSB_Kern....

If there is a mailing list I could join to read more about potential security vulnerabilities regarding the R7500, please let me know.

Thanks again! Laszlo
Message 3 of 3
Top Contributors
Discussion stats
  • 2 replies
  • 4262 views
  • 0 kudos
  • 2 in conversation
Announcements

Orbi WiFi 6E