Practice your CSRF and DNS meddling exploits here.
Belkin’s home routers can be commandeered by hackers, thanks to a Telnet backdoor, a cross-site request forgery (CSRF) vulnerability and other bugs, we’re told.
Security researcher Rahul Pratap Singh warns that the Belkin N150’s builtin web server, provided so users can configure their kit, doesn’t perform enough checks on requests heading its way.
The devices also leave a Telnet server running on port 23 with the default username and password “root”, revealing a BusyBox Linux system under the hood, we’re told. This can be accessed by anything on the local network.
He told us the flaws could be used in combination, some using a direct connection to the router, and others remotely via a browser, to gain ownership over the Belkin boxes.
“An attacker may have a machine on the local network, either by physically connecting, or by compromising a machine on the local network through other means – for example, via malware,” he explained. “Then it can use Telnet to do rest of the stuff to compromise the router.”
He has also posted a video demonstrating a script-injection exploit on a Belkin N150 running firmware version 1.00.09.
Singh said he first reported the security issues to Belkin on October 20, and again on November 25, to no response. The flaws are reported to be unpatched.
Belkin did not respond to a request for comment on the security disclosure, and at this point it is not clear when a fix or mitigation will be released.
Belkin routers are like a barrel of fish for security researchers to shoot into, or rather a barrel of fish that Belkin has riddled with holes: its boxes have been vulnerable to DNS spoofing and Wi-Fi security cracking tricks in the past few months.