0-days found in widely used Belkin router, fixes still unavailable
No fixes have been made available so far for the zero-day vulnerabilities in the widely used Belkin N600 routers. The zero-days were disclosed by the Computer Emergency Response Team (CERT).
CERT/CC recently issued a warning about the presence of several zero-day vulnerabilities affecting the popular Belkin N600 routers. The flaws can be exploited by attackers to block firmware updates, prevent victims from downloading content over the Internet, create backdoors on systems and install malware on target machines.
“A remote, unauthenticated attacker may be able to spoof DNS (the Domain Name System server resolves a web address into an IP address) responses to cause vulnerable devices to contact attacker-controlled hosts or induce an authenticated user into making an unintentional request to the web server that will be treated as an authentic request,” explained the CERT advisory, which credits researcher Joel Land with unearthing the flaws.
“A LAN-based attacker can bypass authentication to take complete control of vulnerable devices.”
The vulnerabilities affect Belkin N600 DB Wireless Dual Band N+ routers, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier.
CERT/CC has advised users not to allow untrusted hosts to connect to their LAN, not to browse the Internet while the web management interface has an active session in a browser tab, and to implement strong passwords for WiFi and for the web management interface.
Even though one of the vulnerabilities is an authentication bypass that allows a LAN-based attacker to access the device’s web management interface without knowing the password, a strong password can still help prevent blind guessing attempts that would establish sessions usable for CSRF (Cross-Site Request Forgery) attacks.
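The advice not to browse with a management session open exists because a forged cross-site request rides on the browser's automatically attached session cookie. The standard fix on the device side is a synchronizer token that the attacker's page cannot read. The following is an added illustration of that check, not code from the CERT advisory or from Belkin's firmware; the `Session` class, the `handle_request` handler and the `set_dns` action name are hypothetical stand-ins for a router's web management endpoint.

```python
"""Added example: synchronizer-token CSRF protection for a state-changing
endpoint, of the kind a router web management interface should enforce.
Everything here (Session, handle_request, the 'set_dns' action) is a
constructed stand-in; it is not the Belkin implementation."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class Session:
    """One authenticated management session; the per-session secret never
    leaves the device, so a cross-site page cannot derive valid tokens."""
    session_id: str
    csrf_secret: bytes = field(default_factory=lambda: secrets.token_bytes(32))


def issue_csrf_token(session: Session, action: str) -> str:
    """Token bound to this session AND to one action, embedded in the form
    the device renders for the logged-in user."""
    return hmac.new(session.csrf_secret, action.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(session: Session, action: str, token: Optional[str]) -> bool:
    """Constant-time comparison; a missing token is an outright rejection."""
    if token is None:
        return False
    expected = issue_csrf_token(session, action)
    return hmac.compare_digest(expected, token)


def handle_request(session: Session, action: str, form: Dict[str, str]) -> Tuple[int, str]:
    """Hypothetical handler for a state-changing request such as changing the
    upstream DNS server. Returns (HTTP status, message)."""
    if not verify_csrf_token(session, action, form.get("csrf_token")):
        return 403, "rejected: missing or invalid CSRF token"
    return 200, f"applied {action}"


def demo() -> Tuple[Tuple[int, str], Tuple[int, str], Tuple[int, str]]:
    """Constructed scenario: one live session, three incoming requests."""
    session = Session(session_id="abc123")

    # 1. Legitimate request: the form rendered by the device carried the token.
    legit = {"csrf_token": issue_csrf_token(session, "set_dns"), "dns": "203.0.113.1"}

    # 2. Forged cross-site request: the browser attaches the session cookie,
    #    but the attacker's page cannot read the token, so the form lacks it.
    forged = {"dns": "203.0.113.1"}

    # 3. Token replayed from a different action is also rejected, because the
    #    token is bound to the action it was issued for.
    wrong_action = {"csrf_token": issue_csrf_token(session, "reboot"), "dns": "203.0.113.1"}

    return (
        handle_request(session, "set_dns", legit),
        handle_request(session, "set_dns", forged),
        handle_request(session, "set_dns", wrong_action),
    )


if __name__ == "__main__":
    for status, msg in demo():
        print(status, msg)
```

Binding the token to the session secret is what makes the "don't browse while logged in" advice unnecessary on a properly built interface: even with the cookie attached, a request that did not originate from a page the device rendered cannot carry a valid token.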
Unfortunately, there are no easy mitigations for the DNS spoofing or firmware over HTTP issues.