Belkin N750 router has Zero-day exploit

This router has a big security hole:

belkinN750_

 

Integrity Labs says there is a guest wifi Zero-day exploit, this means that an unportected (without a password) wifi zone can be attacked and the machine can be taken over by the hacker.

 

If you have a Belkin N750 you should consider replacing it ASAP.

Believe it that there will be attacks on your machine, and it is only a matter of time before it will be hacked.

 

integrity Labs reviews their understanding and the method of buffer overflow on the machine:

integritylabsexploit

A good reverse engineer toolkit uses a disassembler, and with it Integrity labs was able to find the incorrect function:

“Using the IDAPro disassembler I was able to identify the problem, the overflow occurred due to the usage of the insecure strcpy() function.”

(you can read hte details of how Integrity labs figured out the exploit on their site)

The bottom line is the following written statement:

“An attacker could exploit this vulnerability by preparing a special POST where the parameter “jump” takes some padding (1379 bytes) concatenated with the commands to be executed and with something different from zero to overwrite the do_xread and enter the section of code that invokes the popen() by failing the jump  BEQZ at address 0x0040338C.”

 

so we have the Zro-day exploit, now it is a matter of time before the hackers will “weaponize” and make attack code to control any N750 routers on the Internet.

Hopefully Belkin will fix this soon, but until then you should replace the routers.