
Unpatched Flaws Allow Hackers to Compromise Belkin Routers

A researcher has published the details and proof-of-concept (PoC) code for several unpatched vulnerabilities affecting Belkin’s N150 wireless home routers.

The security bugs were discovered in October by Rahul Pratap Singh, an India-based researcher whose work has been acknowledged by several major companies, including Microsoft, Adobe, eBay, ESET and Google.

One of the vulnerabilities found by Singh is an HTML/script injection that affects the “language” parameter present in the request sent to the router. A video demo published by the expert shows that injecting a payload into the parameter causes the device’s web interface to become unusable.

The researcher also discovered a session hijacking issue caused by the fact that the session ID is a hexadecimal string with a fixed length of eight characters. This allows an attacker to easily obtain the data via a brute force attack.
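To put a number on that weakness, the added example below (not code from the researcher or from Belkin) audits a sample of session IDs for length, alphabet and positions that never change, then compares the resulting entropy ceiling with a policy floor. The function names, the 64-bit floor and every sample ID are assumptions constructed for illustration, and the ceiling only holds if the IDs are otherwise uniformly random.

```python
import math
import secrets

MIN_BITS = 64  # assumed policy floor; OWASP guidance asks for at least 64 bits
HEX = set("0123456789abcdef")


def alphabet_size(samples):
    """Smallest common alphabet that covers every character observed."""
    chars = set("".join(samples))
    if {c.lower() for c in chars} <= HEX:
        return 16
    if all(c.isascii() and c.isalnum() for c in chars):
        return 62
    return 64  # e.g. URL-safe base64, which adds '-' and '_'


def audit_session_ids(samples):
    """Upper-bound the entropy of a session ID format from observed samples."""
    lengths = {len(s) for s in samples}
    if len(lengths) != 1:
        raise ValueError("mixed lengths: audit each ID format separately")
    length = lengths.pop()
    per_char = math.log2(alphabet_size(samples))
    # A position whose character never changes across the sample adds nothing.
    varying = sum(1 for i in range(length) if len({s[i] for s in samples}) > 1)
    return {
        "length": length,
        "max_bits": length * per_char,          # ceiling if every position is random
        "observed_bits": varying * per_char,    # ceiling after dropping constant positions
        "meets_policy": varying * per_char >= MIN_BITS,
    }


def new_session_id():
    """Hardened replacement: 128 bits from the OS CSPRNG, hex-encoded."""
    return secrets.token_hex(16)


# Constructed samples in the format the article describes: 8 hex characters.
ROUTER_STYLE = ["3fa91c07", "b2e4d850", "07c61a9f", "e9d03b42"]
# Constructed samples with a constant prefix, to show the effect of fixed positions.
PREFIXED = ["0000a1f3", "00007c2e", "0000d940"]

if __name__ == "__main__":
    print(audit_session_ids(ROUTER_STYLE))
    print(audit_session_ids(PREFIXED))
    print(audit_session_ids([new_session_id() for _ in range(16)]))
```

An 8-character hexadecimal ID tops out at 32 bits, half the assumed floor, while the 32-character replacement carries 128.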

One major security weakness in Belkin N150 wireless routers is related to the Telnet protocol, which is enabled with the default username/password combination root/root. The vulnerability allows a malicious hacker to gain remote access to the router with root privileges, Singh said.

The researcher also determined that requests sent to the router can be manipulated due to the lack of cross-site request forgery (CSRF) protection.

Singh noted that while some of these vulnerabilities require a direct connection, others, like the CSRF flaw, can be exploited remotely.

“A combination of these vulnerabilities will lead to a full compromise of the router,” Singh told SecurityWeek via email.

“An attacker may have a machine on the local network, either by physically connecting, or by compromising a machine on the local network through other means (e.g. via malware). Then it can use telnet to do the rest of the stuff to compromise the router,” Singh explained. “Same can be done using the CSRF vulnerability to perform malicious actions.”

The researcher says the vulnerabilities affect firmware version 1.00.09 (F9K1009) which, according to Belkin’s official support page for N150 routers, is the latest version available for this device model. The issues were reported to the vendor on October 20 and again on November 25. Since he hasn’t received any response from the company, Singh says he has been advised by US-CERT to make his findings public.

Singh told SecurityWeek that he has requested CVE identifiers for the vulnerabilities.

Judging by the changelog on the Belkin N150 support page, the company rarely releases security updates for the device. Version 1.00.08 was released in May 2014 to address one security issue and version 1.00.09 was released in May 2015 to patch a “NAT-PMP security vulnerability.”

The issue Belkin attempted to resolve with the release of version 1.00.08 is likely a high severity path traversal vulnerability (CVE-2014-2962) reported in March 2014 by Aditya Lad. Singh later discovered that the vendor failed to properly patch the flaw, which has been found to affect version 1.00.09 of the firmware as well.

Belkin told SecurityWeek that the company is aware of the security issues affecting F9K1009 v1 N150 routers and is working to address them.

*Updated to say that Belkin is working on patching the vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
