NetUSB vulnerability - Commentary from Webroot
May 2015 by Webroot
Following the news of the NetUSB vulnerability which means that potentially millions of routers and IoT devices using KCodes NetUSB could be exposed to remote hijacking or denial of service attacks. Please find the below comments from Grayson Milbourne, Security Intelligence Director at Webroot.
“The NetUSB warning is interesting and has only been confirmed on a few devices, though due to NetUSB being so widely used, it does stand to reason that many others are also affected. Also interesting is that in the cases where the vulnerability does exist, it is only for a local area connection where the port is accessible. This means you would need to be connected to the internal network to exploit such a router. This is far less damaging than if it were exposed to the internet, though since this driver is so widely used, there is a possibility that in some applications it is exposed externally.
Either way, vendors need to address the bug. Security flaws continue to be a real problem and we can expect the trend to continue. To stay secure, businesses need to stay on top of patch management and ensure networks are designed with security at the forefront.”