1 min read

Multiple Vulnerabilities in Belkin Router Could Allow DNS Spoofing and Credentials Theft

Liviu ARSENE

September 02, 2015

Multiple Vulnerabilities in Belkin Router Could Allow DNS Spoofing and Credentials Theft

Five zero-day vulnerabilities in Belkin N600 DB Wireless Dual Band N+ routers could have allowed attackers to grab credentials in clear text and spoof DNS requests, according to security researcher Joel Land.

The affected mode is F9K1102 v2 with firmware version 2.10.17, possibly earlier versions and models susceptible to the five found vulnerabilities as well.

By successfully exploiting the firmware vulnerabilities in the SOHO router, Joel believes attackers could have either pointed home users to crafted websites that might have delivered malware or towards phishing websites designed to collect sensitive or private user data.

“DNS queries originating from the Belkin N600, such as those to resolve the names of firmware update and NTP servers, use predictable TXIDs that start at 0x0002 and increase incrementally,” reads the CERT/CC advisory. “An attacker with the ability to spoof DNS responses can cause the router to contact incorrect or malicious hosts under the attacker’s control.”

Although no attacks have been reported in the wild, no fixes or updates address the found vulnerabilities. However, some workarounds have been proposed, involving only allowing trusted hosts to connect to the LAN, using strong authentication passwords for the web management interface, and avoidance of browsing with an active session to the web management interface.

The only vulnerability that currently has no workaround centers on the DNS spoofing or firmware tampering over HTTP, as users are unlikely to monitor traffic entering their router.

The vulnerabilities have been dubbed CVE-2015-5987, CVE-2015-5988, CVE-2015-5989, CVE-2015-5990, and CWE-319.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Romance scammers arrested in Texas for defrauding elderly lonely hearts Romance scammers arrested in Texas for defrauding elderly lonely hearts
Graham CLULEY

September 28, 2021

3 min read
iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find
Silviu STAHIE

September 27, 2021

1 min read
Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement
Silviu STAHIE

September 27, 2021

1 min read