CVE-2015-5990

Published: 31/12/2015 Updated: 31/12/2015
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote malicious users to hijack the authentication of arbitrary users.

Vulnerable Product

belkin n600_db_wi-fi_dual-band_n+_router_f9k1102_firmware 2.10.17

Recent Articles

SOHOpeless: Belkin router redirection zero-day
The Register • Darren Pauli • 02 Sep 2015

DNS response fondling confounds security

Security bod Joel Land has reported zero-day holes in a popular model of Belkin router allowing attackers to yank cleartext credentials, spoof DNS responses, and pop admin interfaces. The Belkin N600 DB Wireless Dual Band N+ box released in 2012 and selling for around AUD$150 contains five vulnerabilities from slack randomness (CVE-2015-5987) to cleartext violations and cross-site request forgery (CVE-2015-5990). Land of the US CERT/CC says remote attackers could redirect Belkin owners to malici...