There’s a serious security vulnerability in the Belkin N150 wireless router that can enable a remote, unauthenticated attacker to read any system file on a vulnerable router.
The bug is a directory traversal vulnerability, and the CERT/CC advisory says that all N150 routers running firmware version 1.00.07 or earlier are vulnerable. The N150 is a low-end wireless home router, and the company has produced a new version of the firmware to correct the vulnerability.
“Belkin N150 wireless router firmware versions 1.00.07 and earlier contain a path traversal vulnerability through the built-in web interface. The webproc cgi module accepts a getpage parameter which takes an unrestricted file path as input. The web server runs with root privileges by default, allowing a malicious attacker to read any file on the system,” the advisory says.
Customers who have a vulnerable router should upgrade the firmware as soon as possible to the patched version, which is 1.00.08. Directory traversal attacks enable an attacker to force an application on a target system to access a file that shouldn’t be accessible.
“Updating your wireless router’s firmware fixes the previous version’s bugs and improves its functionality. This action must be done especially if you start experiencing connectivity issues with your device,” the Belkin advisory says.
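The advisory's root cause is a page parameter that is used as a file path without restriction. The following is an added example, not Belkin firmware code, of the containment check a CGI handler can apply to such a parameter before opening a file; `WEB_ROOT` and `resolve_page()` are hypothetical names, and the value is assumed to be already URL-decoded.

```c
#include <stdio.h>
#include <string.h>

#define WEB_ROOT "/usr/www"  /* hypothetical document root, not from the advisory */
/* Map an already URL-decoded page name to a path under WEB_ROOT.
 * Returns 0 and fills out, or -1 if the name is absolute, climbs above
 * the root with "..", is empty, or does not fit the buffers. */
int resolve_page(const char *req, char *out, size_t outlen)
{
    char rel[256] = "";
    size_t len = 0;
    if (req == NULL || req[0] == '/' || strchr(req, '\\') != NULL)
        return -1;                          /* absolute path or backslash */
    for (const char *p = req; *p != '\0'; ) {
        size_t n = strcspn(p, "/");         /* length of the next component */
        if (n == 0) { p++; continue; }      /* step over a '/' separator */
        if (n == 2 && p[0] == '.' && p[1] == '.') {
            if (len == 0)
                return -1;                  /* ".." would leave WEB_ROOT */
            while (len > 0 && rel[len - 1] != '/')
                len--;                      /* drop the last component */
            if (len > 0)
                len--;                      /* and its separator */
            rel[len] = '\0';
        } else if (!(n == 1 && p[0] == '.')) {
            if (len + n + 2 > sizeof(rel))
                return -1;                  /* component does not fit */
            if (len > 0)
                rel[len++] = '/';
            memcpy(rel + len, p, n);
            len += n;
            rel[len] = '\0';
        }
        p += n;
    }
    if (len == 0)
        return -1;                          /* nothing left to serve */
    int w = snprintf(out, outlen, "%s/%s", WEB_ROOT, rel);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

int main(void)
{
    const char *samples[] = { "html/index.html", "html/../../etc/passwd", "/etc/passwd" }; /* constructed */
    char path[512];
    for (size_t i = 0; i < 3; i++)
        printf("%-24s -> %s\n", samples[i], resolve_page(samples[i], path, sizeof(path)) == 0 ? path : "rejected");
    return 0;
}
```

This check is purely lexical and does not follow symbolic links, so a handler on a real device would also compare the `realpath()` result against the document root. Running the web server without root privileges, unlike the default the advisory describes, limits what any remaining path bug can read.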