Test ID:	1.3.6.1.4.1.25623.1.0.806170
Category:	Web application abuses
Title:	Belkin N150 Wireless Home Router Multiple Vulnerabilities (Nov 2015) - Active Check
Summary:	Belkin N150 Wireless Home Router is prone to multiple; vulnerabilities.
Description:	Summary: Belkin N150 Wireless Home Router is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - The 'InternetGatewayDevice.DeviceInfo.X_TWSZ-COM_Language' parameter is not validated properly. - The sessionid is allocated using hex encoding and of fixed length 8. Therefore, it is very easy to bruteforce it in feasible amount for time as this session id ranges from 00000000 to ffffffff. - The Telnet protocol can be used by an attacker to gain remote access to the router with root privileges. - The Request doesn't contain any CSRF-token. Therefore, requests can be forged.It can be verified with any request. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site and upload and download of arbitrary files, and to take malicious actions against the application. Affected Software/OS: Belkin N150 WiFi N Router, other firmware may also be affected. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.