Belkin Router Loaded With Zero-Day Flaws

One of the most popular routers from connectivity specialist Belkin contains “multiple vulnerabilities” that could allow a hacker to take control of it, security firms have warned.

And to make matters worse, the American vendor knows about the zero-day flaws but has yet to release a fix.

At Risk

The warning came from the CERT Coordination Center (CERT/CC), which said that the Belkin N600 DB Wireless Dual Band N+ router (model F9K1102 v2), with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities.

The flaws in this particular router are serious: it could allow hackers to intercept cleartext transmission of sensitive information. Another flaw with the £59.99 Belkin N600 is that, by default, it does not set a password for the web management interface. This could mean, for example, that a local area network (LAN) attacker could gain privileged access to the web management interface or carry out remote attacks such as cross-site request forgery.

“A remote, unauthenticated attacker may be able to spoof DNS responses to cause vulnerable devices to contact attacker-controlled hosts or induce an authenticated user into making an unintentional request to the web server that will be treated as an authentic request,” warns the advisory. “A LAN-based attacker can bypass authentication to take complete control of vulnerable devices.

“The CERT/CC is currently unaware of a practical solution to this problem,” it warned. So what should users of this particular router do?

CERT/CC said that until these flaws were addressed, users of the Belkin N600 router should only allow trusted hosts to connect to the LAN. It also advised strong Wi-Fi and web admin passwords.

This is not the first time that a problem has been discovered with Belkin equipment. Last year, the US government warned that vulnerabilities in Belkin WeMo Home Automation devices could have been used to carry out destructive attacks on users’ homes.

In theory, these flaws could be used to cause a fire or simply use up electricity. After that vulnerability was revealed, Belkin patched the problem.

It remains to be seen how long before it issues a fix for the N600 router.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
