Belkin’s N150 router is perfect for learning hacking skills – wait, what, it’s in production?

Practice your CSRF and DNS meddling exploits here.

Belkin’s home routers can be commandeered by hackers, thanks to a Telnet backdoor, a cross-site request forgery (CSRF) vulnerability and other bugs, we’re told.

Security researcher Rahul Pratap Singh warns that the Belkin N150’s built-in web server, provided so users can configure their kit, doesn’t perform enough checks on requests heading its way.

That means when someone visits a malicious webpage, JavaScript on that page can manipulate the device’s settings to knock it offline, redirect internet traffic to hacker-controlled servers by tampering with DNS settings, and so on. This is possible by brute-forcing the session cookie, and exploiting the web app’s CSRF weakness, Singh says.

The devices also leave a Telnet server running on port 23 with the default username and password “root”, revealing a BusyBox Linux system under the hood, we’re told. This can be accessed by anything on the local network.

And malicious JavaScript can be injected into the N150’s webpages, which is executed in the browser when the user logs into their own device, according to Singh.

He told us the flaws could be used in combination, some using a direct connection to the router, and others remotely via a browser, to gain ownership over the Belkin boxes.

“An attacker may have a machine on the local network, either by physically connecting, or by compromising a machine on the local network through other means – for example, via malware,” he explained. “Then it can use Telnet to do the rest of the stuff to compromise the router.”

He has also posted a video demonstrating a script-injection exploit on a Belkin N150 running firmware version 1.00.09.

Singh said he first reported the security issues to Belkin on October 20, and again on November 25, to no response. The flaws are reported to be unpatched.

Belkin did not respond to a request for comment on the security disclosure, and at this point it is not clear when a fix or mitigation will be released.

Belkin routers are like a barrel of fish for security researchers to shoot into, or rather a barrel of fish that Belkin has riddled with holes: its boxes have been vulnerable to DNS spoofing and Wi-Fi security cracking tricks in the past few months.

Source: http://www.theregister.co.uk/
