Belkin Router Loaded With Zero-Day Flaws

One of the most popular routers from connectivity specialist Belkin contains “multiple vulnerabilities” that could allow a hacker to take control of it, security firms have warned.

And to make matters worse, the American vendor knows about the zero-data flaws but has yet to release a fix.

At Risk

The warning came from CERT Coordination Center (CERT/CC), which warned that the Belkin N600 DB Wireless Dual Band N+ router (model F9K1102 v2) with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities.

The flaws are so serious with this particular router, it could allow hackers to intercept cleartext transmission of sensitive information. Another flaw with the £59.99 Belkin N600 (pictured left) is that by default, it does not set a password for the web management interface. This could mean for example that a local area network (LAN) attacker could gain privileged access to the web management interface or carry out remote attacks such as cross-site request forgery.

“A remote, unauthenticated attacker may be able to spoof DNS responses to cause vulnerable devices to contact attacker-controlled hosts or induce an authenticated user into making an unintentional request to the web server that will be treated as an authentic request,” warns the advisory. “A LAN-based attacker can bypass authentication to take complete control of vulnerable devices.

“The CERT/CC is currently unaware of a practical solution to this problem,” it warned. So what should users of this particular router do?

CERT/CC said that until these flaws were addressed, users of the Belkin N600 router should only allow trusted hosts to connect to the LAN. It also advised strong Wi-Fi and web admin passwords.

This is not the first time that a problem has been discovered with Belkin equipment. Last year, the US government warned that of vulnerabilities with Belkin WeMo Home Automation devices could have been used to carry out destructive attacks on users’ homes.

In theory, these flaws could be used to cause a fire or simply use up electricity. After that vulnerability was revealed, Belkin patched the problem.

It remains to be seen how long before it issues a fix for the N600 router.

Are you a security expert? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

5 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

7 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

9 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

9 hours ago