CVE-2015-5987

Published: 31/12/2015 Updated: 31/12/2015
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 8.6 | Impact Score: 4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote malicious users to spoof responses by predicting this value.

Vulnerable Product

belkin n600_db_wi-fi_dual-band_n\+_router_f9k1102_firmware 2.10.17

Recent Articles

SOHOpeless: Belkin router redirection zero-day
The Register • Darren Pauli • 02 Sep 2015

DNS response fondling confounds security

Security bod Joel Land has reported zero-day holes in a popular model of Belkin router allowing attackers to yank cleartext credentials, spoof DNS responses, and pop admin interfaces. The Belkin N600 DB Wireless Dual Band N+ box released in 2012 and selling for around AUD$150 contains five vulnerabilities from slack randomness (CVE-2015-5987) to cleartext violations and cross-site request forgery (CVE-2015-5990). Land of the US CERT/CC says remote attackers could redirect Belkin owners to malici...