Belkin releases patch for its flawed Belkin N750 dual-band router firmware
A new vulnerability has been found in routers made by Belkin. The flaw which was reported overnight- was found to target the Belkin N750 dual-band router. This particular router was launched in 2011 and is still sold by the company and other commerce sites.Routers running firmware F9K1103_WW_1.10.16m would be affected unless owners intentionally switched off unprotected guest networks turned on by default.
IntegrityPT consultant Marco Vaz published a Metasploit module allowing guests to attack vulnerable routers. “A vulnerability in the guest network web interface of the [router] allows an unauthenticated remote attacker to gain root access to the operating system of the affected device,” Vaz said. “This vulnerability enables control over a part of heap memory where a variable that forces the execution of a CGI and also the variable with the name of the CGI to be executed are stored.”
This vulnerability made it possible for guest users to directly access telnet servers even though they were on a guest network. Belkin took approximately 6 months to be ready with a patch for this flaw. These kinds of flaws are considered rare among toolkit makers. Even more so on such old kits. Belkin users are advised to update to firmware F9K1103_WW_1.10.17m.