Unpatched Router Flaws Released

Thursday, December 3, 2015 @ 03:12 PM gHale

Vulnerability details and proof-of-concept (PoC) code for several unpatched holes in Belkin’s N150 wireless home routers have been published.

Rahul Pratap Singh, an India-based researcher, published the router vulnerabilities.

One of the vulnerabilities found is an HTML/script injection that affects the “language” parameter present in the request sent to the router, Singh said in a blog post.

Singh also showed in a video that injecting a payload into the parameter causes the device’s web interface to become unusable.

The researcher also discovered a session hijacking issue caused by the session ID being a hexadecimal string with a fixed length of eight characters. This allows an attacker to easily obtain the data via a brute-force attack.
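To put a number on why an eight-character hexadecimal session ID is too small, here is an added example (not from Singh's write-up or Belkin's firmware) that audits a set of observed session IDs for their maximum possible entropy and compares it with a 128-bit ID from the OS random generator. The sample IDs are constructed, and the 64-bit floor is an assumption taken from OWASP session management guidance, not from the article.

```python
import math
import secrets
import string

MIN_ENTROPY_BITS = 64  # assumption: floor from OWASP session management guidance

def max_entropy_bits(samples):
    """Upper bound on per-ID entropy inferred from observed IDs.

    Assumes IDs are drawn uniformly from the inferred alphabet; a predictable
    generator (counter, timestamp) provides far less than this bound.
    """
    lengths = {len(s) for s in samples}
    if len(lengths) != 1:
        raise ValueError("expected a non-empty set of fixed-length IDs")
    length = lengths.pop()
    chars = set("".join(samples))
    if chars <= set(string.hexdigits):
        alphabet = 16
    elif chars <= set(string.ascii_letters + string.digits + "-_"):
        alphabet = 64
    else:
        alphabet = 95  # printable ASCII
    return length * math.log2(alphabet)

def expected_guesses(bits, live_sessions=1):
    """Mean guesses (without repeats) before hitting any one live session."""
    return (2 ** bits + 1) / (live_sessions + 1)

def audit(samples, live_sessions=1):
    bits = max_entropy_bits(samples)
    return {
        "entropy_bits": bits,
        "expected_guesses": expected_guesses(bits, live_sessions),
        "adequate": bits >= MIN_ENTROPY_BITS,
    }

def new_session_id():
    """128 bits from the OS CSPRNG, hex encoded (32 characters)."""
    return secrets.token_hex(16)

# Constructed sample IDs in the format the article describes: 8 hex characters.
WEAK_SAMPLES = ["3f9a1c07", "b2e4d810", "00a7ff3c"]

if __name__ == "__main__":
    print(audit(WEAK_SAMPLES))
    print(audit([new_session_id() for _ in range(3)]))
```

The figure returned is a ceiling: it only reflects length and alphabet, so an ID that passes this check can still be weak if the generator behind it is predictable.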

One major security weakness in Belkin N150 wireless routers stems from the Telnet protocol, which is enabled with the default username/password combination root/root. The vulnerability allows a malicious hacker to gain remote access to the router with root privileges, Singh said.

The researcher also found that requests sent to the router can be manipulated due to the lack of cross-site request forgery (CSRF) protection.

Singh said that while some of these vulnerabilities require a direct connection, others, like the CSRF flaw, can be exploited remotely.

The vulnerabilities affect firmware version 1.00.09 (F9K1009) which, according to Belkin’s official support page for N150 routers, is the latest version available for this device model. The issues were reported to the vendor on October 20 and again on November 25. Since he hasn’t received any response from the company, Singh said US CERT advised him to make his findings public.