Serious vulnerability to the Belkin N750 router. Upgrade your firmware!

xxc

Security researcher Marco Vaz discovered a serious vulnerability in the router Belkin N750, which could be leveraged to gain access. THE has already issued a patch to fix the vulnerability, but the number of users installing the updates firmware he is young.

The defect, with the code CVE--1635, affects Guest Web interface of the model N750 DB Wi-Fi Dual-Band N+ Gigabit Router running the του firmware F9K1103_WW_1.10.16m. Σύμφωνα με τον Marco Vaz της Integrity Labs το ελάττωμα είναι  απλά ένα buffer . Its specific model Belkin has the customer network enabled by default and does not require authentication. To resolve the issue, Belkin urges users to upgrade their firmware to the latest version F9K1103_WW_1.10.17m. Marco Vaz explains in an article that the vulnerability was discovered after a series of tests. The researcher found that the "jump" parameter used in applications is affected by buffer overflow "

"The Fuzzing, in general, plays an important role in detecting a vulnerability. This was also the case. After some fuzzed requests I noticed that the position of the jump parameter was affected by a classic buffer overflow with payload 5000 bytes. After the overflow the process was stopped (process died). Once he discovered the flaw, Vaz worked to exploit the vulnerability. To do this, he simulated the process of the router to be able to repair the MIPS32 process on a x86 computer.

The expert discovered that an unauthenticated attacker could execute root-level by sending specially crafted POST requests to the httpd (Apache HyperText Transfer Protocol server program). httpd implements authentication on guest network connections.

Mar Vaz also developed a Metasploit module to exploit the vulnerability:
"I have developed a Metasploit module to take advantage of this vulnerability, which also executes iptables commands so that the telnet server can be accessed directly from the visitor network in the root shell." Integrity Labs reported the vulnerability for Belkin on January 24 and released a newer firmware version on March 31.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).