
26 manufacturers affected: critical security vulnerability in numerous routers


    • 26 manufacturers affected: critical security vulnerability in numerous routers

      Internet users should currently keep a close eye on their router manufacturer's support pages for firmware updates. The reason is a critical security vulnerability in a driver (NetUSB) that is used in devices from up to 26 manufacturers, as the online trade service "Heise Security" reports.

      Specifically, it concerns the "USB over IP" function, which routers use to share, for example, USB printers or external USB hard drives on the local network. Attackers could abuse the vulnerability to execute arbitrary code on the router.

      The vulnerability was discovered by the Austrian IT security service provider SEC Consult. According to the manufacturer AVM, the widely used Fritzbox routers are not affected by the vulnerability. A firmware update provides the remedy, but many manufacturers are taking their time with it.

      Zyxel announced an update for four router models; the manufacturer TP-Link says it has completed patches for two of its models. Router users are strongly advised to check the manufacturer's support web pages for new firmware versions for their device and to install them where available.

      In total, Wi-Fi routers from 26 manufacturers are affected, including 40 models from TP-Link alone, but also routers from manufacturers such as Allnet, D-Link and Netgear. The experts at SEC Consult have published a list (TXT file) of the affected models on their website.

      Source: T-Online


      Mia san Mia und Mia san Tripel


    • Here is the list published by SEC Consult with 92 router models from 26 manufacturers


      SEC Consult Vulnerability Lab Security Advisory < 20150519-0 >
      =======================================================================
      title: Kernel Stack Buffer Overflow
      product: KCodes NetUSB
      vulnerable version: see Vulnerable / tested versions
      fixed version: see Solution
      CVE number: CVE-2015-3036, VU#177092
      impact: Critical
      homepage: kcodes.com/
      found: 2015-02-23
      by: Stefan Viehböck (Office Vienna)
      SEC Consult Vulnerability Lab

      An integrated part of SEC Consult
      Berlin - Frankfurt/Main - Montreal - Singapore
      Vienna (HQ) - Vilnius - Zurich

      sec-consult.com

      =======================================================================

      Vendor description:
      -------------------
      "The world's premier technology provider of mobile printing, audio and
      video communication, file sharing, and USB applications for iPhones,
      iPads, smart phones and tablets (Android and Windows), MacBooks, and
      Ultrabooks."

      Source: kcodes.com/


      Vulnerability overview/description:
      -----------------------------------
      NetUSB suffers from a remotely exploitable kernel stack buffer overflow.
      Because of insufficient input validation, an overly long computer name can be
      used to overflow the "computer name" kernel stack buffer. This results in
      memory corruption which can be turned into arbitrary remote code execution.

      Furthermore, a more detailed summary of this advisory has been published at our
      blog: blog.sec-consult.com


      Proof of concept:
      -----------------
      Below is an excerpt from the vulnerable run_init_sbus() function (pseudo code):

      int computername_len;
      char computername_buf[64];
      // connection initiation, handshake
      len = ks_recv(sock, &computername_len, 4, 0);
      // ...
      len = ks_recv(sock, computername_buf, computername_len, 0); // boom!

      A proof of concept "netusb_bof.py" has been developed which exploits the
      vulnerability. The PoC DoS exploit will not be published as many vendors
      did not patch the vulnerability yet.

      Example use that results in denial-of-service (kernel memory corruption that
      results in a device reboot):
      ./netusb_bof.py 192.168.1.1 20005 500


      Vulnerable / tested versions:
      -----------------------------
      The vulnerability has been verified to exist in most recent firmware versions
      of the following devices:

      TP-Link TL-WDR4300 V1
      TP-Link WR1043ND v2
      NETGEAR WNDR4500

      Furthermore we've identified NetUSB in the most recent firmware version of the
      following products (list is not necessarily complete!):
      D-Link DIR-615 C
      NETGEAR AC1450
      NETGEAR CENTRIA (WNDR4700/4720)
      NETGEAR D6100
      NETGEAR D6200
      NETGEAR D6300
      NETGEAR D6400
      NETGEAR DC112A
      NETGEAR DC112A (Zain)
      NETGEAR DGND4000
      NETGEAR EX6200
      NETGEAR EX7000
      NETGEAR JNR3000
      NETGEAR JNR3210
      NETGEAR JR6150
      NETGEAR LG6100D
      NETGEAR PR2000
      NETGEAR R6050
      NETGEAR R6100
      NETGEAR R6200
      NETGEAR R6200v2
      NETGEAR R6220
      NETGEAR R6250
      NETGEAR R6300v1
      NETGEAR R6300v2
      NETGEAR R6700
      NETGEAR R7000
      NETGEAR R7500
      NETGEAR R7900
      NETGEAR R8000
      NETGEAR WN3500RP
      NETGEAR WNDR3700v5
      NETGEAR WNDR4300
      NETGEAR WNDR4300v2
      NETGEAR WNDR4500
      NETGEAR WNDR4500v2
      NETGEAR WNDR4500v3
      NETGEAR XAU2511
      NETGEAR XAUB2511
      TP-LINK Archer C2 V1.0 (Fix planned before 2015/05/22)
      TP-LINK Archer C20 V1.0 (Not affected)
      TP-LINK Archer C20i V1.0 (Fix planned before 2015/05/25)
      TP-LINK Archer C5 V1.2 (Fix planned before 2015/05/22)
      TP-LINK Archer C5 V2.0 (Fix planned before 2015/05/30)
      TP-LINK Archer C7 V1.0 (Fix planned before 2015/05/30)
      TP-LINK Archer C7 V2.0 (Fix already released)
      TP-LINK Archer C8 V1.0 (Fix planned before 2015/05/30)
      TP-LINK Archer C9 V1.0 (Fix planned before 2015/05/22)
      TP-LINK Archer D2 V1.0 (Fix planned before 2015/05/22)
      TP-LINK Archer D5 V1.0 (Fix planned before 2015/05/25)
      TP-LINK Archer D7 V1.0 (Fix planned before 2015/05/25)
      TP-LINK Archer D7B V1.0 (Fix planned before 2015/05/31)
      TP-LINK Archer D9 V1.0 (Fix planned before 2015/05/25)
      TP-LINK Archer VR200v V1.0 (Fix already released)
      TP-LINK TD-VG3511 V1.0 (End-Of-Life)
      TP-LINK TD-VG3631 V1.0 (Fix planned before 2015/05/30)
      TP-LINK TD-VG3631 V1.0 (Fix planned before 2015/05/31)
      TP-LINK TD-W1042ND V1.0 (End-Of-Life)
      TP-LINK TD-W1043ND V1.0 (End-Of-Life)
      TP-LINK TD-W8968 V1.0 (Fix planned before 2015/05/30)
      TP-LINK TD-W8968 V2.0 (Fix planned before 2015/05/30)
      TP-LINK TD-W8968 V3.0 (Fix planned before 2015/05/25)
      TP-LINK TD-W8970 V1.0 (Fix planned before 2015/05/30)
      TP-LINK TD-W8970 V3.0 (Fix already released)
      TP-LINK TD-W8970B V1.0 (Fix planned before 2015/05/30)
      TP-LINK TD-W8980 V3.0 (Fix planned before 2015/05/25)
      TP-LINK TD-W8980B V1.0 (Fix planned before 2015/05/30)
      TP-LINK TD-W9980 V1.0 (Fix already released)
      TP-LINK TD-W9980B V1.0 (Fix planned before 2015/05/30)
      TP-LINK TD-WDR4900 V1.0 (End-Of-Life)
      TP-LINK TL-WR1043ND V2.0 (Fix planned before 2015/05/30)
      TP-LINK TL-WR1043ND V3.0 (Fix planned before 2015/05/30)
      TP-LINK TL-WR1045ND V2.0 (Fix planned before 2015/05/30)
      TP-LINK TL-WR3500 V1.0 (Fix planned before 2015/05/22)
      TP-LINK TL-WR3600 V1.0 (Fix planned before 2015/05/22)
      TP-LINK TL-WR4300 V1.0 (Fix planned before 2015/05/22)
      TP-LINK TL-WR842ND V2.0 (Fix planned before 2015/05/30)
      TP-LINK TL-WR842ND V1.0 (End-Of-Life)
      TP-LINK TX-VG1530(GPON) V1.0 (Fix planned before 2015/05/31)
      Trendnet TE100-MFP1 (v1.0R)
      Trendnet TEW-632BRP (A1.0R)
      Trendnet TEW-632BRP (A1.1R/A1.2R)
      Trendnet TEW-632BRP (A1.1R/A1.2R/A1.3R)
      Trendnet TEW-634GRU (v1.0R)
      Trendnet TEW-652BRP (V1.0R)
      Trendnet TEW-673GRU (v1.0R)
      Trendnet TEW-811DRU (v1.0R)
      Trendnet TEW-812DRU (v1.0R)
      Trendnet TEW-812DRU (v2.xR)
      Trendnet TEW-813DRU (v1.0R)
      Trendnet TEW-818DRU (v1.0R)
      Trendnet TEW-823DRU (v1.0R)
      Trendnet TEW-MFP1 (v1.0R)
      Zyxel NBG-419N v2
      Zyxel NBG4615 v2
      Zyxel NBG5615
      Zyxel NBG5715

      Based on information embedded in KCodes drivers we believe the following
      vendors are affected:
      Allnet
      Ambir Technology
      AMIT
      Asante
      Atlantis
      Corega
      Digitus
      D-Link
      EDIMAX
      Encore Electronics
      Engenius
      Etop
      Hardlink
      Hawking
      IOGEAR
      LevelOne
      Longshine
      NETGEAR
      PCI
      PROLiNK
      Sitecom
      Taifa
      TP-LINK
      TRENDnet
      Western Digital
      ZyXEL


      Vendor contact timeline:
      ------------------------
      2015-02-28: Contacting vendor through support@kcodes.com
      2015-03-04: No response, contacting various KCodes addresses found on the web.
      2015-03-05: Vendor responds, requests more information.
      2015-03-05: Providing advisory and proof of concept exploit.
      2015-03-16: No response, requesting status update.
      2015-03-16: Vendor responds, asks about fix verification(?)
      2015-03-16: Requesting clarification about fixing status and information about
      next steps. Proposing conference call dates.
      2015-03-19: No response, informing that notification of CERT/CC and selected
      vendors will start shortly. Requesting clarification about fixing
      status and information about next steps again.
      2015-03-19: Vendor responds, confirms conference call date (2015-03-25). No
      further information provided.
      2015-03-19: Providing advisory and proof of concept exploit to TP-LINK and
      NETGEAR.
      2015-03-25: Vendor cancels conference call on short notice (sudden week-long
      business trip).
      2015-03-26: Asking for support of CERT/CC regarding vendor coordination.
      2015-03 - 2015-05: Coordination between CERT & vendors, NETGEAR and TP-LINK
      2015-05-13: Notifying German CERT-Bund and Austrian CERT.at
      2015-05-19: Coordinated release of security advisory


      Solution:
      ---------
      TP-LINK has started releasing fixed firmware. The status of affected products
      can be found in the affected product list above.

      For additional information also see CERT/CC vulnerability notice:
      kb.cert.org/vuls/id/177092


      Workaround:
      -----------
      Sometimes NetUSB can be disabled via the web interface, but at least on NETGEAR
      devices this does not mitigate the vulnerability. NETGEAR told us that there is
      no workaround available; the TCP port can't be firewalled, nor is there a way to
      disable the service on their devices.


      Advisory URL:
      -------------
      sec-consult.com/en/Vulnerability-Lab/Advisories.htm



      EOF Stefan Viehböck / @2015





      Just click the 'thanks' button once in a while too; it pleases and encourages people to keep going ;)


      ! Questions belong in the forum, I do not answer private messages !
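
The bounds check missing from the run_init_sbus() excerpt in the advisory above, shown in hardened form as an added example (not code from the advisory, from KCodes or from either forum post). The in-memory `struct stream`, the helper `recv_exact()`, the function `read_computername()` and the little-endian length encoding are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 64   /* same size as computername_buf in the excerpt */

/* Hypothetical stand-in for the socket: a constructed in-memory byte stream. */
struct stream { const uint8_t *data; size_t len, pos; };

/* Copy exactly n bytes from the stream, or fail if fewer are available. */
static int recv_exact(struct stream *s, void *dst, size_t n)
{
    if (n > s->len - s->pos)
        return -1;
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return 0;
}

/* Validate the peer-supplied length against the buffer before copying.
   Returns the name length, or -1 if the message is rejected. */
int read_computername(struct stream *s, char out[NAME_BUF_SIZE])
{
    uint8_t raw[4];
    uint32_t name_len;

    if (recv_exact(s, raw, sizeof raw) != 0)
        return -1;
    /* Decode as unsigned so a "negative" length cannot pass the check.
       Little-endian byte order is an assumption of this example. */
    name_len = (uint32_t)raw[0] | (uint32_t)raw[1] << 8 |
               (uint32_t)raw[2] << 16 | (uint32_t)raw[3] << 24;
    if (name_len >= NAME_BUF_SIZE)   /* leave room for the terminator */
        return -1;
    if (recv_exact(s, out, name_len) != 0)
        return -1;
    out[name_len] = '\0';
    return (int)name_len;
}

int main(void)
{
    /* Constructed sample message: length 6, then "laptop". */
    static const uint8_t msg[] = {6, 0, 0, 0, 'l', 'a', 'p', 't', 'o', 'p'};
    struct stream s = {msg, sizeof msg, 0};
    char name[NAME_BUF_SIZE];
    printf("%d\n", read_computername(&s, name));
    return 0;
}
```

The two properties that matter are that the length is compared against the destination size before the second read, and that it is treated as unsigned so a value with the high bit set is rejected rather than interpreted as a small or negative number.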