CVE-2015-3036
Overview
D-Link does not currently deploy products utilizing KCodes. All D-Link routers that deploy Shareport Mobile or mydlink Shareport are not affected.
KCodes NetUSB is a Linux kernel module that enables several users on a local network to share USB-based services over IP. - See more at: https://threatpost.com/details-surface-on-unpatched-kcodes-netusb-bug/112910#sthash.KlE3cxxA.dpuf
A vulnerability has been found in KCodes NetUSB which is a Linux kernel module that enables several users on a local network to share USB-based services over IP. The vulnerability in question, CVE-2015-3036, is a buffer overflow that could enable an attacker to either crash the device running the kernel module, or in some cases, remotely run code.
Upon researching our product-line source code we have identified the legacy model DIR-685 as being affected. Please see below for patch update information
References
Stefan Viehbock :: Link :: Initially April 10, 2015
CERT :: VU#177092 :: Link :: Disclosed May 19, 2015
Description
Referencing : VU#177092
KCodes NetUSB is a Linux kernel module that provides USB over IP. It is used to provide USB device sharing on a home user network.
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2015-3036
According to the reporter, computer client data provided when connecting to the NetUSB server is not properly validated by the driver before processing, resulting in a buffer overflow that may lead to a denial of service or code execution. More information can be found in SEC Consult's advisory.
Recommendations
Check router device history for any unauthorized access.
All devices on your network should have log-in credentials and if your network has WiFi, please make sure WiFi encryption-keys are enabled. Also for devices that cannot notify the owner of a new software updates, check for updates from the devices manufacture.
Immediately update to the fixed firmware referenced in the table below as they are made available. Please continue to monitor this page for further updates and disclourses.
D-Link recommends that your D-Link router remote network management feature be disabled (factory default is disabled) to mitigate a malicious remote user using this vulnerability to exploit your router. If remote network management is disabled, a malicious user would require to be on the local network side of the router or have compromised another device on the network that could be used to attack the router.
D-Link recommends that all PCs (Window or Mac) be up-to-date and scanned for virus, bots, or other damaging software that could compromise the network they are connected.
WiFi encryption reduces the risk to this vulnerability if the device Web-GUI is accessed over WiFi. If WiFi network was encrypted, the malicious user would also need to compromise the WiFi encryption, or PC using the Web-GUI utility, in order to monitor the traffic and intercept the cookie.
The default configuration of D-Link's routers is to provide simple installation, ease of useability, and offer widest interoperability. D-Link Systems (D-Link US) reminds customers to configure their devices specifically to and for security concerns within their network infrastructure. In General, D-Link Systems (D-Link US) recommends disabling services not being used, changing/securing device log-in credentials, enabling WiFi encryption, monitoring the routers log files, and access-lists for your devices so security risks for your entire network are minimized.
Affected Product
Model Name
|
HW Version
|
Vulnerable FW Versions
|
Current FW Versions (include fixes)
|
DIR-615 |
Cx |
Not Affected |
Product does not have USB ports. Under research for including module.
(Updated 05/22/2015)
|
DIR-628 |
A2 |
F/W version 1.26 and lower |
Rev A2 :: 1.27 :: Under Development
(Updated: 06/02/2015)
|
DIR-632 |
A1 |
F/W version 1.03 and lower |
Rev A1 :: 1.04B03
Release Notes: Link
(Updated: 06/19/2015)
|
DIR-635 |
B3 |
F/W version 2.36 and lower |
Rev B3 :: 2.37 :: Under Development
(Updated: 06/02/2015)
|
DIR-655 |
A4 |
F/W version 1.36 and lower |
Rev A4 :: 1.37 :: Under Development
(Updated: 06/02/2015)
|
DIR-655 |
B1 |
F/W version 2.11 and lower |
Rev B1 :: 2.10B01
Release Notes: Link
(Updated: 06/19/2015)
|
DIR-685 |
A1
|
F/W version 2.01 and lower
|
Rev A1 :: 2.02NAB01
Release Notes: Link
(Updated: 06/19/2015))
|
DIR-825 |
A1 |
F/W version 1.14 and lower |
Rev A1 :: 1.15 :: Under Development
(Updated: 06/02/2015)
|
DIR-825 |
B1 |
F/W version 2.09 and lower |
Rev B1 :: 2.10EUB01
Release Notes: Link
(Updated: 06/19/2015)
|
DIR-855 |
A2 |
F/W version 1.23 and lower |
Rev A2 :: 1.24 :: Under Development
(Updated: 06/02/2015)
|
DGL-4500 |
A2 |
F/W version 1.24 and lower |
Rev A2 :: 1.25:: Under Development
(Updated: 06/02/2015)
|
DAP-1350 |
A1 |
F/W version 1.14 and lower |
Rev A1 :: 1.15:: Under Development
(Updated: 06/02/2015)
|
DHP-1320 |
A1 |
F/W version 1.01 and lower |
Rev A1 :: 1.02: Under Development
(Updated: 06/02/2015)
|
DSL-3580L |
A2 |
F/W version:All |
Rev A2 :: Under Development Est. 06/15/15
(Updated: 06/11/2015)
|
DSL-2750B |
T1 |
Not Affected
|
Not Affected |
DSL-2750B-US |
T1 |
Not Affected |
Not Affected |
DSL-2750B-SG |
T1 |
Not Affected |
Not Affected |
DSL-2750B |
D1 |
F/W version: All |
Rev D1 :: Under Development Est. 07/01/15
(Updated: 06/11/2015)
|
DSL-2751 |
D1 |
F/W version:All |
Rev D1 :: Under Development Est. 07/01/15
(Updated: 06/11/2015)
|
DSL-2770L |
A1 |
F/W version: All |
Rev A1 :: Under Development Est. 07/01/15
(Updated: 06/11/2015)
|
Security patch for your D-Link Devices
These firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually and we strongly recommend all users to install the relevant updates.
As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the underside of the product next to the serial number. Alternatively, they can also be found on the device web configuration.