View Gizmodo Post

SEC Consult Vulnerability Lab has discovered the flaw in a driver referred to as NetUSB. The driver, as its name suggests, is installed on routers to allow computers to access USB devices over a network.

The driver contains an error known as a buffer overflow, which can occur when a device sends its name to the router and it’s longer than 64 bytes. The researchers claim that the simple overflow can be used to crash the router, using denial of service of attacks, and even execute code remotely.

Among the Company’s products that are affected include Netgear, D-Link, TP-LINK, Trendnet, and Zyxel.

Solution: TP-LINK has started releasing fixed firmware. The status of affected products can be found in the affected product list above. For additional information also see CERT/CC vulnerability notice: http://www.kb.cert.org/vuls/id/177092

Workaround: Sometimes NetUSB can be disabled via the web interface, but at least on NETGEAR devices this does not mitigate the vulnerability. NETGEAR told us, that there is no workaround available, the TCP port can't be firewalled nor is there a way to disable the service on their devices.

Here is the link for SEC-Consult’s Report