While testing Belkin’s N150 wireless home network router, information security enthusiast Rahul Pratap Singh discovered HTML/script injection, session hijacking, and cross-site request forgery (CSRF) flaws.
He also found that the device runs a telnet server on port 23, which can be accessed by entering a default username and password (both “root”). An attacker positioned on the same local network can exploit this to gain access to the router with root privileges.
This doesn’t mean that the attacker has to be physically present – a compromised machine on the local network is enough to launch the attack.
Steps for reproducing attacks that exploit all these flaws and PoC code can be found in this blog post.
The researcher says he first reported the flaws to the Belkin security team over a week ago, but hasn’t yet heard back from them, despite their claim that they need only “up to 2 business days for an initial response.”