SecurityWeek

Unpatched Flaws Allow Hackers to Compromise Belkin Routers

A researcher has published the details and proof-of-concept (PoC) code for several unpatched vulnerabilities affecting Belkin’s N150 wireless home routers.

The security bugs were discovered in October by Rahul Pratap Singh, an India-based researcher whose work has been acknowledged by several major companies, including Microsoft, Adobe, eBay, ESET and Google.

One of the vulnerabilities found by Singh is an HTML/script injection that affects the “language” parameter present in the request sent to the router. A video demo published by the expert shows that injecting a payload into the parameter causes the device’s web interface to become unusable.

The researcher also discovered a session hijacking issue caused by the fact that the session ID is a hexadecimal string with a fixed length of eight characters. This allows an attacker to easily obtain a valid session ID via a brute-force attack.
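To put the session ID weakness in numbers, the following added example (not part of the researcher's PoC or of Belkin's firmware) computes the keyspace of an eight-character hexadecimal ID, compares it with a 128-bit replacement, and checks both against the 64-bit entropy minimum recommended in OWASP's session management guidance. The request rate and the function names are assumptions chosen for illustration.

```python
import math
import secrets

# OWASP session management guidance: at least 64 bits of entropy per ID.
MIN_ENTROPY_BITS = 64


def keyspace_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on ID entropy in bits; a predictable generator gives less."""
    return length * math.log2(alphabet_size)


def expected_guesses(bits: float, live_sessions: int = 1) -> float:
    """Mean guesses to hit any live ID when enumerating the space without repeats."""
    return (2 ** bits + 1) / (live_sessions + 1)


def assess(length: int, alphabet_size: int, guesses_per_sec: float,
           live_sessions: int = 1) -> dict:
    """Summarise how well an ID format resists online guessing."""
    bits = keyspace_bits(length, alphabet_size)
    guesses = expected_guesses(bits, live_sessions)
    return {
        "bits": bits,
        "expected_guesses": guesses,
        "expected_days": guesses / guesses_per_sec / 86400,
        "meets_minimum": bits >= MIN_ENTROPY_BITS,
    }


def new_session_id() -> str:
    """128-bit session ID from the OS CSPRNG, hex-encoded (32 characters)."""
    return secrets.token_hex(16)


if __name__ == "__main__":
    RATE = 1000  # assumed guesses per second, not a measurement of the router
    for label, length in (("8 hex chars (as reported)", 8),
                          ("32 hex chars (128-bit)", 32)):
        r = assess(length, 16, RATE)
        print(f"{label}: {r['bits']:.0f} bits, "
              f"~{r['expected_days']:.3g} days at {RATE}/s, "
              f"meets 64-bit minimum: {r['meets_minimum']}")
    print("example replacement ID:", new_session_id())
```
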

One major security weakness in Belkin N150 wireless routers is related to the Telnet protocol, which is enabled with the default username/password combination root/root. The vulnerability allows a malicious hacker to gain remote access to the router with root privileges, Singh said.

The researcher also determined that requests sent to the router can be manipulated due to the lack of cross-site request forgery (CSRF) protection.

Singh noted that while some of these vulnerabilities require a direct connection, others, like the CSRF flaw, can be exploited remotely.

“A combination of these vulnerabilities will lead to a full compromise of the router,” Singh told SecurityWeek via email.

“An attacker may have a machine on the local network, either by physically connecting, or by compromising a machine on the local network through other means (e.g. via malware). Then it can use telnet to do the rest of the stuff to compromise the router,” Singh explained. “Same can be done using the CSRF vulnerability to perform malicious actions.”

The researcher says the vulnerabilities affect firmware version 1.00.09 (F9K1009) which, according to Belkin’s official support page for N150 routers, is the latest version available for this device model. The issues were reported to the vendor on October 20 and again on November 25. Since he hasn’t received any response from the company, Singh says he has been advised by US-CERT to make his findings public.

Singh told SecurityWeek that he has requested CVE identifiers for the vulnerabilities.

Judging by the changelog on the Belkin N150 support page, the company rarely releases security updates for the device. Version 1.00.08 was released in May 2014 to address one security issue and version 1.00.09 was released in May 2015 to patch a “NAT-PMP security vulnerability.”

The issue Belkin attempted to resolve with the release of version 1.00.08 is likely a high severity path traversal vulnerability (CVE-2014-2962) reported in March 2014 by Aditya Lad. Singh later discovered that the vendor failed to properly patch the flaw, which has been found to affect version 1.00.09 of the firmware as well.

Belkin told SecurityWeek that the company is aware of the security issues affecting F9K1009 v1 N150 routers and is working to address them.

*Updated to say that Belkin is working on patching the vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
