CVE-2014-2962 Revisited

Full Disclosure:
Target: Belkin Router N150
Vulnerability: Path Traversal Vulnerability

Belkin N150 Router

While configuring the Belkin Router N150, I came across the URL:

http://192.168.2.1/cgi-bin/webproc?getpage=html/page/ut_fw_checking.html&var:page=*

At first, this appeared to be a normal URL. But look at the parameter “getpage=”.
This parameter seems fishy. So, I tried to look for a vulnerability. On passing “/etc/passwd” as the parameter to getpage, it revealed the passwd file. Bang... it was vulnerable.
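A detection check for the behaviour described above, as an added example that is not part of the original post: it scans request logs for `webproc` calls whose `getpage` value is absolute or resolves outside the page directory. The log line format (`client url`), the sample lines, and the assumption that legitimate pages live under `html/` are constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: legitimate pages are served from html/, as in the URL above.
ALLOWED_ROOT = "html"

# Constructed sample log lines: "<client> <requested URL>"
SAMPLE_LOG = [
    "192.168.2.10 http://192.168.2.1/cgi-bin/webproc?getpage=html/page/ut_fw_checking.html&var:page=*",
    "192.168.2.50 http://192.168.2.1/cgi-bin/webproc?getpage=/etc/passwd&var:page=*",
    "192.168.2.51 http://192.168.2.1/cgi-bin/webproc?getpage=html/../../etc/passwd",
    "192.168.2.10 http://192.168.2.1/index.html",
]

def getpage_escapes_root(value, root=ALLOWED_ROOT):
    """Return True if a getpage value resolves outside the allowed directory."""
    # Decode until stable so percent-encoded (or double-encoded) dots and
    # slashes are compared in their final form.
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    value = value.replace("\\", "/")
    # Absolute paths and embedded NUL bytes are never legitimate page names.
    if "\x00" in value or value.startswith("/"):
        return True
    # Collapse "." and ".." segments, then require the result to stay in root.
    norm = posixpath.normpath(value)
    return not (norm == root or norm.startswith(root + "/"))

def suspicious_requests(log_lines):
    """Return (client, getpage) pairs for webproc requests that leave html/."""
    hits = []
    for line in log_lines:
        client, _, url = line.partition(" ")
        parts = urlsplit(url.strip())
        if not parts.path.endswith("/cgi-bin/webproc"):
            continue
        # parse_qs already percent-decodes each value once.
        for value in parse_qs(parts.query, keep_blank_values=True).get("getpage", []):
            if getpage_escapes_root(value):
                hits.append((client, value))
    return hits

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} requested getpage={value!r}")
```

The same normalize-then-compare logic is what the server side needs before opening the file; on a real filesystem it should also resolve symlinks before the prefix comparison.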

I looked up my router's firmware version and checked whether any existing exploit was available. I found that this firmware, i.e. 1.00.06, has an existing exploit available, found by “Aditya Lad”.


So, I upgraded the router to the latest firmware and, surprisingly, firmware 1.00.09 was vulnerable. Maybe it was a regression from the previous firmware.

Again, I checked firmware 1.00.08, which was not supposed to be vulnerable, as

“According to Belkin, this issue was resolved in firmware version 1.00.08”

But it was vulnerable.


public ref:
https://www.kb.cert.org/vuls/id/774788
http://cwe.mitre.org/data/definitions/22.html
http://www.belkin.com/us/support-article?articleNum=109400
