0-days found in widely used Belkin router, fixes still unavailable

No fixes have been made available so far for the zero-day vulnerabilities in the widely used Belkin N600 routers. The zero-days were reported by the Computer Emergency Response Team (CERT).
“A LAN-based attacker can bypass authentication to take complete control of vulnerable devices.” The vulnerabilities affect Belkin N600 DB Wireless Dual Band N+ routers, model F9K1102 v2, with firmware version 2.10.17 and possibly earlier.

CERT/CC has advised users not to allow untrusted hosts to connect to their LAN, not to browse the Internet while the web management interface has an active session open in a browser tab, and to set strong passwords for both WiFi and the web management interface. Even though one of the vulnerabilities is an authentication bypass that lets a LAN-based attacker reach the device’s web management interface without knowing the password, a strong password still helps prevent blind guessing attempts that would establish the authenticated sessions a CSRF (Cross-Site Request Forgery) attack relies on. Unfortunately, there are no easy mitigations for the DNS spoofing or firmware-over-HTTP issues.