CVE-2015-3036

KCodes NetUSB - Stack-Based Buffer Overflow via Long Computer Name

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-3036. PoCs published by Adrián Ruiz Bermudo, blasty.

AI-analyzed exploit summary This exploit targets a kernel stack buffer overflow in NetUSB (CVE-2015-3036) by sending a maliciously crafted computer name during the handshake process, leading to a denial of service (DoS). It uses AES encryption for communication and verifies vulnerability by checking if the target device crashes.

Description

Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a long computer name in a session on TCP port 20005.

Exploits (2)

exploitdb WORKING POC
by Adrián Ruiz Bermudo · pythondoshardware
https://www.exploit-db.com/exploits/38566

This exploit targets a kernel stack buffer overflow in NetUSB (CVE-2015-3036) by sending a maliciously crafted computer name during the handshake process, leading to a denial of service (DoS). It uses AES encryption for communication and verifies vulnerability by checking if the target device crashes.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: KCodes NetUSB (affects multiple vendors, e.g., NETGEAR DC112A)
No auth needed
Prerequisites: Network access to the target device on port 20005
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by blasty · pythonremotemultiple
https://www.exploit-db.com/exploits/38454

This is a weaponized exploit for CVE-2015-3036, a NetUSB kernel vulnerability, which achieves remote code execution on a specific target device (WNDR3700v5) by leveraging a stack-based buffer overflow, ROP chain, and AES-encrypted payloads.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: NetUSB (KCodes) on WNDR3700v5 (Linux 2.6.36, MIPS32)
No auth needed
Prerequisites: Network access to the vulnerable NetUSB service (port 20005) · Target device must be running vulnerable NetUSB kernel module
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (11)

Core 11
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/177092
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38454/
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38566/
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Oct/50
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74724
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032377
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/May/74

Scores

EPSS 0.7008
EPSS Percentile 98.7%

Details

CWE
CWE-119
Status published
Products (1)
kcodes/netusb
Published May 21, 2015
Tracked Since Feb 18, 2026