US-CERT has outlined about Wireless routers developed by Belkin supposedly containing several vulnerabilities.
CERT in their Vulnerability Note VU#201168 (Vulnerability ID) said, that Belkin’s N600 DB Wireless Dual-Band N+ Router, model F9K1102 v2 with firmware version 2.10.17 and very likely earlier versions are packed with multiple and critical vulnerabilities.
The targeted router is the fastest long-range router with speeds up to 300Mbps + 300Mbps** allows a great multi-device coverage and with its dual-band operating speed empowering and prioritizing exhaustive activities like video streaming and online gaming.
Few months back, The Hacker News (THN) reported about vulnerabilities in routers capable of hijacking user’s data at different instances.
Belkin router is accused of loopholes that allow an attacker to spoof DNS, conduct man-in-the-middle attack, perform privilege escalation and implement Cross Site Request Forgery(CSRF).
CERT lists out the multiple vulnerabilities as:
- CWE-330: Use of Insufficiently Random Values – CVE-2015-5987
- CWE-319: Cleartext Transmission of Sensitive Information
- CWE-255: Credentials Management – CVE-2015-5988
- CWE-603: Use of Client-Side Authentication – CVE-2015-5989
- CWE-352: Cross-Site Request Forgery (CSRF) – CVE-2015-5990
They have stated that as of now there are no workarounds being issued for the vulnerabilities. But users of the router may follow preventive measures to protect themselves.
Solutions provided ask the users to:
- Restrict access to the device
- Usage of strong passwords
The vulnerabilities were reported by Joel Land of the CERT/CC (Coordination Centre). Further, you can check US-CERT Vulnerability Notes Database explaining the same in-depth.