Security researcher Marco Vaz discovered a serious vulnerability in the Belkin N750 router, which could be leveraged to gain access. The company has already issued a patch to fix the vulnerability, but the number of users installing the updated firmware is small.
The flaw, tracked as CVE-2014-1635, affects the guest network web interface of the N750 DB Wi-Fi Dual-Band N+ Gigabit Router running firmware version F9K1103_WW_1.10.16m. According to Marco Vaz of Integrity Labs, the flaw is simply a buffer overflow. This specific Belkin model has the guest network enabled by default, and it does not require authentication. To resolve the issue, Belkin urges users to upgrade their firmware to the latest version, F9K1103_WW_1.10.17m. Marco Vaz explains in an article that the vulnerability was discovered after a series of tests. The researcher found that the "jump" parameter used in requests is affected by a buffer overflow:
"Fuzzing, in general, plays an important role in detecting a vulnerability. This was also the case here. After some fuzzed requests I noticed that the position of the jump parameter was affected by a classic buffer overflow with a payload of 5000 bytes. After the overflow the process was stopped (process died)."
Once he discovered the flaw, Vaz worked to exploit the vulnerability. To do this, he emulated the router's process so that he could debug the MIPS32 process on an x86 computer.
The expert discovered that an unauthenticated attacker could execute root-level commands by sending specially crafted POST requests to the httpd (Apache HyperText Transfer Protocol server program), which implements authentication on guest network connections.
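An added example, not from the original article and not Belkin's firmware code: a length-checked extraction of a form field such as `jump` from a POST body, which rejects an oversized value instead of copying it into a fixed buffer. The 64-byte limit, the function names and the sample requests are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define JUMP_MAX 64  /* assumed limit; the firmware's real buffer size is not given */

/* Copy the value of form field `name` from a form-encoded POST body into
 * out[outlen] (no percent-decoding). Returns the value length, -1 if the
 * field is absent, or -2 if the value does not fit and must be rejected. */
int get_param(const char *body, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    const char *p = body;

    while (p && *p) {
        const char *end = strchr(p, '&');          /* end of this key=value pair */
        size_t pairlen = end ? (size_t)(end - p) : strlen(p);

        /* Match the whole key, so "xjump=" or "jumper=" are not mistaken for it. */
        if (pairlen > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            size_t vlen = pairlen - nlen - 1;
            if (outlen == 0 || vlen >= outlen)     /* keep room for the NUL */
                return -2;
            memcpy(out, p + nlen + 1, vlen);
            out[vlen] = '\0';
            return (int)vlen;
        }
        p = end ? end + 1 : NULL;
    }
    return -1;
}

/* Returns 1 only when `jump` is present and fits the fixed buffer. */
int jump_ok(const char *body)
{
    char jump[JUMP_MAX];
    return get_param(body, "jump", jump, sizeof jump) >= 0;
}

int main(void)
{
    static char big[5100] = "user=guest&jump=";    /* constructed oversized request */
    memset(big + strlen(big), 'A', 5000);          /* 5000-byte value, as in the report */
    printf("normal request accepted: %d\n", jump_ok("user=guest&jump=index.html"));
    printf("5000-byte jump accepted: %d\n", jump_ok(big));
    return 0;
}
```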
Marco Vaz also developed a Metasploit module to exploit the vulnerability:
"I have developed a Metasploit module to take advantage of this vulnerability, which also executes iptables commands so that the telnet server can be accessed directly from the visitor network in the root shell."
Integrity Labs reported the vulnerability to Belkin on January 24, and Belkin released a newer firmware version on March 31.