Zyxel to release patch for KCodes NetUSB vulnerability
A new vulnerability in KCodes NetUSB kernel driver, identified in advisory CVE-2015-3036, exposes a stack-based buffer overflow weakness that could result in a denial of service or arbitrary code execution.
Zyxel is aware of the vulnerability to KCodes NetUSB on four of Zyxel routers and assures our customers that the rest of Zyxel products are not affected. Zyxel has identified the root cause and a fix to the problem. We are now in the process of rebuilding the NetUSB modules on the affected routers, and the updated release will be available as stated in the table below.
Affected models
| Product | Model Name | Firmware Update |
|---|---|---|
| Wireless N300 NetUSB Router | NBG-419N v2 | 2015/06/18 |
| Wireless N300 Gigabit NetUSB Router | NBG4615 v2 | 2015/06/18 |
| Simultaneous Dual-Band Wireless N750 Media Router | NBG5615 | 2015/06/18 |
| Simultaneous Dual-Band Wireless N900 Media Router | NBG5715 | 2015/06/18 |
Please contact your local service or sales representative for further assistance.