Zyxel to release patch for KCodes NetUSB vulnerability


A new vulnerability in KCodes NetUSB kernel driver, identified in advisory CVE-2015-3036, exposes a stack-based buffer overflow weakness that could result in a denial of service or arbitrary code execution.

Zyxel is aware of the vulnerability to KCodes NetUSB on four of Zyxel routers and assures our customers that the rest of Zyxel products are not affected. Zyxel has identified the root cause and a fix to the problem. We are now in the process of rebuilding the NetUSB modules on the affected routers, and the updated release will be available as stated in the table below.

Affected models

Product Model Name Firmware Update
Wireless N300 NetUSB Router NBG-419N v2 2015/06/18
Wireless N300 Gigabit NetUSB Router NBG4615 v2 2015/06/18
Simultaneous Dual-Band Wireless N750 Media Router NBG5615 2015/06/18
Simultaneous Dual-Band Wireless N900 Media Router NBG5715 2015/06/18

Please contact your local service or sales representative for further assistance.