The details and an exploit for a serious vulnerability affecting certain Belkin home routers were released last week by a researcher.
Marco Vaz of Integrity discovered a buffer overflow flaw in Belkin N750 DB Wi-Fi Dual-Band N+ Gigabit routers that can be exploited by a remote, unauthenticated attacker to gain root access to the device.
The vulnerability, which has been assigned the CVE identifier CVE-2014-1635, affects the guest network Web interface of routers running the firmware version F9K1103_WW_1.10.16m. The issue was reported to Belkin on January 24, and a proof-of-concept was sent to the company a few days later.
Belkin addressed the issue on March 31 with the release of version F9K1103_WW_1.10.17m of the firmware.
According to Vaz, the flaw in Belkin N750 DB Wi-Fi Dual-Band N+ Gigabit routers involves the guest network functionality, which is enabled by default and is delivered over an unprotected wireless connection. By sending a specially crafted POST request to the Hypertext Transfer Protocol Daemon (httpd) that serves authentication on the guest login network, a remote attacker can execute arbitrary commands with root privileges.
Vaz discovered the security hole through fuzzing. He first noticed that the POST parameter “jump” was affected by a classic buffer overflow issue that could be triggered with a payload containing 5,000 bytes. The researcher later determined that the vulnerability was exploitable.
“The vulnerability can be confirmed by sending a crafted POST request where the parameter ‘jump’ takes 1379 bytes of padding concatenated with the commands to be executed and with content different from zero to overwrite an internal control variable,” reads the advisory published for the vulnerability.
The researcher has published an exploit written in Python and a Metasploit module for the vulnerability.
Routers produced by Belkin are not the only ones plagued by vulnerabilities. In October, a researcher reported discovering a flaw in ASUS routers that can be leveraged to trick devices into updating the firmware to old or malicious versions.
Last week, Cisco informed customers of security updates for some of its small business RV series routers. The updates address a total of three vulnerabilities.