Belkin N150 path traversal vulnerability

2014-06-18T00:00:00
ID VU:774788
Type cert
Reporter CERT
Modified 2015-09-29T18:49:00

Description

Overview

Belkin N150 wireless routers contain a path traversal vulnerability.

Description

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - CVE-2014-2962

Belkin N150 wireless router firmware versions 1.00.07 and earlier contain a path traversal vulnerability through the built-in web interface. The webproc cgi module accepts a getpage parameter which takes an unrestricted file path as input. The web server runs with root privileges by default, allowing a malicious attacker to read any file on the system.


Impact

An unauthenticated attacker that is connected to the router's LAN may be able to read critical system files on the router.


Solution

The CERT/CC is currently unaware of a practical solution to this problem. The vendor had previously indicated that the vulnerability was resolved in firmware version 1.00.08; however, recent reports indicate that firmware version 1.00.08 failed to address the issue and that version 1.00.09 is vulnerable as well. Users should consider the following workaround:


Restrict Access

Ensure that appropriate firewall rules are in place to restrict access to port 80/tcp from external untrusted sources.


Vendor Information

774788

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Vendor has issued information

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Belkin, Inc. Affected

Notified: March 10, 2014 Updated: June 09, 2014

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | 7.8 | AV:N/AC:L/Au:N/C:C/I:--/A:--
Temporal | 6.1 | E:POC/RL:OF/RC:C
Environmental | 4.6 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

  • <http://www.belkin.com/us/support-article?articleNum=109400>
  • <http://cwe.mitre.org/data/definitions/22.html>

Acknowledgements

Thanks to Aditya Lad for originally reporting this vulnerability. Thanks to Rahul Pratap Singh for identifying the issue in version 1.00.09 and for testing 1.00.08.

This document was written by Todd Lewellen.

Other Information

CVE IDs: | CVE-2014-2962
---|---
Date Public: | 2014-06-18
Date First Published: | 2014-06-18
Date Last Updated: | 2015-09-29 18:49 UTC
Document Revision: | 19