Belkin Router Loaded With Zero-Day Flaws

One of the most popular routers from connectivity specialist Belkin contains “multiple vulnerabilities” that could allow a hacker to take control of it, security firms have warned.

And to make matters worse, the American vendor knows about the zero-data flaws but has yet to release a fix.

At Risk

The warning came from CERT Coordination Center (CERT/CC), which warned that the Belkin N600 DB Wireless Dual Band N+ router (model F9K1102 v2) with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities.

The flaws are so serious with this particular router, it could allow hackers to intercept cleartext transmission of sensitive information. Another flaw with the £59.99 Belkin N600 (pictured left) is that by default, it does not set a password for the web management interface. This could mean for example that a local area network (LAN) attacker could gain privileged access to the web management interface or carry out remote attacks such as cross-site request forgery.

“A remote, unauthenticated attacker may be able to spoof DNS responses to cause vulnerable devices to contact attacker-controlled hosts or induce an authenticated user into making an unintentional request to the web server that will be treated as an authentic request,” warns the advisory. “A LAN-based attacker can bypass authentication to take complete control of vulnerable devices.

“The CERT/CC is currently unaware of a practical solution to this problem,” it warned. So what should users of this particular router do?

CERT/CC said that until these flaws were addressed, users of the Belkin N600 router should only allow trusted hosts to connect to the LAN. It also advised strong Wi-Fi and web admin passwords.

This is not the first time that a problem has been discovered with Belkin equipment. Last year, the US government warned that of vulnerabilities with Belkin WeMo Home Automation devices could have been used to carry out destructive attacks on users’ homes.

In theory, these flaws could be used to cause a fire or simply use up electricity. After that vulnerability was revealed, Belkin patched the problem.

It remains to be seen how long before it issues a fix for the N600 router.

Are you a security expert? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Norway Hit By DDoS Cyber Attacks From Pro Russian Group

Norwegian national security agency warns pro-Russian group has targetted private and public institutions in Norway…

15 hours ago

Google Tells Staff They Can Relocate After Roe v Wade Ending

After US Supreme Court last week removed women's reproduction rights, Google tells staff they can…

16 hours ago

Taiwan Developing Own Digital Currency – Report

Central bank of Taiwan confirms it is still working on its digital currency, but has…

18 hours ago

Tesla Cuts 200 Autopilot Jobs, Closes San Mateo Office – Report

More restructuring at Tesla with hundreds of bob losses and California office closure, where staff…

19 hours ago

US FCC Commissioner Urges Apple, Google To Remove TikTok

Fresh worry for TikTok, after FCC Commissioner writes to Apple and Google about removing the…

20 hours ago

Airbnb Permanently Bans Parties, With Few Exceptions

Victory for irate neighbours? Airbnb confirms its temporary Covid ban on parties in its listings…

21 hours ago