Serious vulnerability in the Belkin N750 router. Upgrade your firmware!


Security researcher Marco Vaz discovered a serious vulnerability in the Belkin N750 router that could be used to gain access to the device. The company has already released a patch to fix the vulnerability, but the number of users installing the updated firmware is small.

The defect, tracked as CVE-2014-1635, affects the Guest Network web interface of the N750 DB Wi-Fi Dual-Band N+ Gigabit Router running firmware F9K1103_WW_1.10.16m. According to Marco Vaz of Integrity Labs, the flaw is simply a buffer overflow. On this particular model, Belkin enables it by default for customers, and it does not require authentication. To resolve the issue, Belkin urges users to upgrade their firmware to the latest version, F9K1103_WW_1.10.17m. Marco Vaz explains in his article that the vulnerability was discovered after a series of tests. The researcher found that the "jump" parameter used in requests is affected by a buffer overflow:

"The , in general, plays an important role in detecting a vulnerability. This was also the case. After some fuzzed requests I noticed that the position of the jump parameter was affected by a classic buffer overflow with a 5000-byte payload. After the overflow the process was stopped (process died)."

Once he had discovered the flaw, Vaz worked to exploit the vulnerability. To do this, he emulated the router's process so that he could debug the MIPS32 process on an x86 computer.

The expert discovered that an unauthenticated attacker could execute root-level commands by sending specially crafted POST requests to httpd (Apache HyperText Transfer Protocol server program). The httpd implements authentication on the visitor network.
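A defender-side check for the condition described above, as an added example that is not from the article or from Integrity Labs: it scans raw POST requests for an overlong "jump" form value. The 256-byte limit, the request path, the host name and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl

# Assumption: legitimate "jump" values are short. The article only states
# that a 5000-byte value crashed the process, so this limit is hypothetical.
MAX_JUMP_LEN = 256


def split_request(raw: bytes):
    """Split a raw HTTP request into (method, body); None if malformed."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].split(b" ")
    if not sep or len(parts) < 3:
        return None
    return parts[0].decode("latin-1").upper(), body


def oversized_jump(raw: bytes, limit: int = MAX_JUMP_LEN):
    """Return the decoded length of an over-limit 'jump' value, else None."""
    parsed = split_request(raw)
    if parsed is None or parsed[0] != "POST":
        return None
    fields = parse_qsl(parsed[1].decode("latin-1"), keep_blank_values=True)
    # Measure after percent-decoding: that is the size the server copies.
    longest = max((len(v) for k, v in fields if k == "jump"), default=0)
    return longest if longest > limit else None


def build(body: bytes, method: bytes = b"POST") -> bytes:
    """Build a constructed sample request (path and host are placeholders)."""
    return (method + b" /placeholder HTTP/1.1\r\nHost: router.example\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


# Constructed samples, not captured traffic.
SAMPLES = {
    "normal": build(b"jump=status&other=1"),
    "overlong": build(b"other=1&jump=" + b"A" * 5000),
    "encoded": build(b"jump=" + b"%41" * 300),
    "get": build(b"", method=b"GET"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        size = oversized_jump(raw)
        print(f"{name}: {'ALERT jump length ' + str(size) if size else 'ok'}")
```

A check like this only narrows exposure on devices that cannot be updated yet; the fix the article names is the upgrade to F9K1103_WW_1.10.17m.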

Marco Vaz also developed a Metasploit module to exploit the vulnerability:
"I have developed a Metasploit module to take advantage of this vulnerability, which also executes iptables commands so that the telnet server can be accessed directly from the visitor network in the root shell."

Integrity Labs reported the vulnerability to Belkin on January 24, and a newer firmware version was released on March 31.


Written by Dimitris
