CVE-2015-3036

Linux Kernel - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a long computer name in a session on TCP port 20005.

Exploits (2)

exploitdb WORKING POC

by Adrián Ruiz Bermudo · pythondoshardware

https://www.exploit-db.com/exploits/38566

View Code ZIP pw:eip

exploitdb WORKING POC

by blasty · pythonremotemultiple

https://www.exploit-db.com/exploits/38454

View Code ZIP pw:eip

References (11)

[Various Sources] http://blog.sec-consult.com/2015/05/kcodes-netusb-how-small-taiwanese.html

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/131987/KCodes-NetUSB-Buffer-Overflow.html

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/133919/NetUSB-Stack-Buffer-Overflow.html

[Mailing List] http://seclists.org/fulldisclosure/2015/May/74

[Mailing List] http://seclists.org/fulldisclosure/2015/Oct/50

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/177092

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1032377

[Various Sources] https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150519-0_KCodes_NetUSB_Kernel_Stack_Buffer_Overflow_v10.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/74724

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/38454/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/38566/

Scores

EPSS 0.7008

EPSS Percentile 98.7%

Details

CWE

CWE-119

Status published

Products (1)

kcodes/netusb

Published May 21, 2015

Tracked Since Feb 18, 2026