D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-880L => Topic started by: theduser on May 21, 2015, 09:54:13 AM
-
http://blog.sec-consult.com/2015/05/kcodes-netusb-how-small-taiwanese.html
To get an idea how many products are affected, we downloaded a bunch of firmware images from D-Link, NETGEAR, TP-LINK, Trendnet and ZyXEL (actually, we downloaded all of them). Then we checked if those firmware images contain the NetUSB kernel driver (NetUSB.ko). We found 92 products out of the analysed firmware images that contain the NetUSB code. A list of affected products can be found in our advisory. We did not check the firmware of the remaining 21 vendors.
While only one specific D-Link model (DIR-615) was listed, the advisory notes that more D-Link models are likely to be affected. D-Link's advisory page http://securityadvisories.dlink.com/security/ (http://securityadvisories.dlink.com/security/) mentions a different model (DIR-685) from the one tested by the researcher (DIR-615).
[edit]
Dug deeper and it seems D-Link does not currently use kcode's netusb code:
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10057
-
Correct. Enjoy.
Didn't see anything mentioned about a DIR-615...
FYI:
http://forums.dlink.com/index.php?topic=56542.0 (http://forums.dlink.com/index.php?topic=56542.0)
-
Correct. Enjoy.
Didn't see anything mentioned about a DIR-615...
It's in the detailed report: https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150519-0_KCodes_NetUSB_Kernel_Stack_Buffer_Overflow_v10.txt
-
Ok, I found it. I've asked about it. So far only the 685 seems to be affected. ;)
-
They added the DIR-615 to the list. ::)