Authentication vulnerability in Belkin wireless devices

From: Andrei Mikhailovsky (mlists_at_arhont.com)
Date: 11/15/05

  • Next message: labs-no-reply_at_idefense.com: "iDEFENSE Security Advisory 11.15.05: Multiple Vendor GTK+ gdk-pixbuf XPM Loader Heap Overflow Vulnerability"
    To: bugtraq@securityfocus.com
    Date: Tue, 15 Nov 2005 21:58:04 +0000
    
    
    

    Arhont Ltd. - Information Security

    Arhont Advisory by: Andrei Mikhailovsky (www.arhont.com)
    Advisory: Belkin Wireless Router Authentication
    Vulnerability
    Router Model Name: F5D7232-4 and F5D7230-4
    Model Specific: Other models are likely to be vulnerable
    Manufacturer site: http://www.belkin.com

    SUMMARY:
    A serious security vulnerability have been found in authentication
    system of Belkin Wireless Routers. The vulnerability has been confirmed
    in Belkin Wireless Routers models F5D7232-4 and F5D7230-4 with latest
    firmware 4.05.03 and with firmware 4.03.03. Previous firmware versions
    are also likely to be effected. Other Belkin wireless devices are likely
    to be vulnerable.

    VULNERABILITY DESCRIPTION:
    While a legitimate device administrator is logged into the router's web
    management interface, any other user/attacker can access, view and
    change router's web configuration without authentication from any
    network address. This presents an opportunistic vector of attack on the
    device in question.

    Risk Factor: High/Medium

    WORKAROUNDS: At the release time of this advisory, Belkin didn't have
    an update that solves the issue. It is advised to filter all requests to
    web administration interface of the device.

    COMMUNICATION HISTORY:
    Manufacturer notified on 11th of October 2005

    ADDITIONAL INFORMATION:
    *According to the Arhont Ltd. policy, all of the found vulnerabilities
    and security issues will be reported to the manufacturer at least 7 days
    before releasing them to the public domains (such as CERT and BUGTRAQ).
    The delay of the public release might be negotiated with the
    manufacturer providing reasonable justifications have been given from
    the manufacturer side.

    If you would like to get more information about this issue, please do
    not hesitate to contact Arhont team on info[_-at-_]arhont[_-dot-_]com

    -- 
    Andrei Mikhailovsky
    Arhont Ltd - Information Security
    Web: http://www.arhont.com
         http://www.wi-foo.com
    Tel: +44 (0)870 4431337
    Fax: +44 (0)117 9690141
    PGP: Key ID - 0x2B3438DE
    PGP: Server - keyserver.pgp.com
    
    



  • Next message: labs-no-reply_at_idefense.com: "iDEFENSE Security Advisory 11.15.05: Multiple Vendor GTK+ gdk-pixbuf XPM Loader Heap Overflow Vulnerability"

    Relevant Pages

    • [Full-disclosure] Authentication vulnerability in Belkin wireless devices
      ... A serious security vulnerability have been found in authentication ... in Belkin Wireless Routers models F5D7232-4 and F5D7230-4 with latest ... Manufacturer notified on 11th of October 2005 ... Arhont Ltd - Information Security ...
      (Full-Disclosure)
    • RE: about SQL injection
      ... That is a very common vulnerability. ... That means a hacker and retrieve almost everything that the account that you ... Earn your MS in Information Security ONLINE ...
      (Security-Basics)
    • Re: about SQL injection
      ... The vulnerability lies in your html/asp/jsp/cgi page and not the ... and select from your query before it hits your database. ... > Earn your MS in Information Security ONLINE ...
      (Security-Basics)
    • Belkin Wireless G Router DoS
      ... #ATI security Group has discovered a Denial of Service Vulnerability in the Belkin Wireless G Router's. ... #Simple Dork: http://RouterIp (DoS SYN FLOOD on ROUTER) ...
      (Bugtraq)