Belkin releases patch for its flawed Belkin N750 dual-band router firmwareThe Flaw
The Flaw
IntegrityPT consultant Marco Vaz published a Metasploit module allowing guests to attack vulnerable routers. “A vulnerability in the guest network web interface of the [router] allows an unauthenticated remote attacker to gain root access to the operating system of the affected device,” Vaz said. “This vulnerability enables control over a part of heap memory where a variable that forces the execution of a CGI and also the variable with the name of the CGI to be executed are stored.” This vulnerability made it possible for guest users to directly access telnet servers even though they were on a guest network. Belkin took approximately 6 months to be ready with a patch for this flaw. These kinds of flaws are considered rare among toolkit makers. Even more so on such old kits. Belkin users are advised to update to firmware F9K1103_WW_1.10.17m.