What is CVE-2015-3036?

CVE-2015-3036 is a vulnerability in Kcodes Netusb, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2015-05-21.

Is CVE-2015-3036 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Kcodes Netusb

CVE-2015-3036

Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by pro…

Vulnerability class: Buffer Overflow

EPSS: 0.701 (98.7th percentile) — read the EPSS interpretation.

Affected products

Kcodes Netusb
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

VU#177092 (x_refsource_CERT-VN, US Government Resource, Third Party Advisory, third-party-advisory)
cve@mitre.org (x_refsource_MISC)
38454 (exploit, x_refsource_EXPLOIT-DB)
38566 (exploit, x_refsource_EXPLOIT-DB)
cve@mitre.org (x_refsource_MISC)
20151010 Exploit NetUSB CVE-2015-3036 (mailing-list, x_refsource_FULLDISC)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)
74724 (vdb-entry, x_refsource_BID)
1032377 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2015-3036?: CVE-2015-3036 is a vulnerability in Kcodes Netusb, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2015-05-21.
Is CVE-2015-3036 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.