Popular Belkin Wi-Fi Routers Easily Hackable

A popular model of Belkin’s Wi-Fi routers has several zero-day vulnerabilities, some of which are still unpatched, according to independent researchers.

Several critical vulnerabilities have been discovered in Belkin’s wireless routers, leaving the router open to an attack, SC Magazine reports.

The vulnerabilities were discovered by Joel Land, a vulnerability analyst at CERT, the Software Engineering Institute at Carnegie Mellon University.

Related Article: Simple but Critical NetUSB Flaw Leaves Millions of Home Routers Open to Attack

He discovered that Belkin’s popular N600 DB Wireless Dual-Band N+ router, specifically model F9K1102 v2 contains five significant flaws. The vulnerabilities, according to Land, makes the router extremely exploitable.

“A remote, unauthenticated attacker may be able to spoof DNS responses to cause vulnerable devices to contact attacker-controlled hosts or induce an authenticated user into making an unintentional request to the web server that will be treated as an authentic request,” Land said in a US-CERT advisory.

The vulnerability flares up when DNS queries from the router use routine TXIDs that begin at 0x0002 to increase in increments. Any attacker with the technical know-how to spoof DNS responses could potentially use the router to reach malicious hosts set up by the attacker.

“A LAN-based attacker can bypass authentication to take complete control of vulnerable devices,” added Land.

Related Article: Popular ASUS Routers Can Easily Be Hacked

By default, the router uses HTTP connections for checking and downloading firmware update information. A malicious operator adept with launching man-in-the-middle attacks could tweak network traffic to block updates and even inject arbitrary files.

Additionally, Belkin’s routers do not require a password to gain access to the web management interface. An attacker on the same local area network (LAN) has the means to gain administrator access to the web management interface of the router and trigger attacks such as cross-site request forgery.

Authorization is enforced by the browser only when a password is implemented in the router’s web management interface.

US-CERT noted that it had not yet found a “practical solution to this problem.”

“Implement strong passwords for WiFi and the web management interface. While passwords do not provide any additional security against LAN-based attackers due to the authentication bypass vulnerability, passwords can help to prevent blind guessing attempts that would establish sessions for CSRF attacks.”

LAN hosts should not browse the Internet while the web management interface has an active session in a browser tab,” it advised.