Belkin flings out patch after Metasploit module turns guests to admins
Open guest networks turned on by default
Belkin has patched a vulnerability in a dual-band router that allowed attackers on guest networks to gain root access using an automated tool.
The flaw, reported overnight, affects the Belkin N750 dual-band router, which was launched in 2011 and is still sold by the company and other commerce sites.
IntegrityPT consultant Marco Vaz published a Metasploit module allowing guests to attack vulnerable routers.
"A vulnerability in the guest network web interface of the [router] allows an unauthenticated remote attacker to gain root access to the operating system of the affected device," Vaz said.
"This vulnerability enables control over a part of heap memory where a variable that forces the execution of a CGI and also the variable with the name of the CGI to be executed are stored."
Routers running firmware F9K1103_WW_1.10.16m would be affected unless owners had intentionally switched off the unprotected guest networks, which are turned on by default.
The module for the popular Metasploit penetration testing tool exploited the vulnerability and made it possible to access telnet servers directly from the guest network, leading to the root shell, Vaz said.
While it took Belkin six months to fix the flaw, such efforts are rare among network vendors, especially for ageing kit.
Belkin users should update to firmware F9K1103_WW_1.10.17m.