Belkin F5D5230-4 Router Internal Web Traffic Origin Obfuscation Vulnerability

The Belkin F5D5230-4 4-Port Cable/DSL Gateway Router is a hardware router for a home or small office.

When a request for a service that has been remapped to the internal network is made via the WAN interface, and the origin is the internal network, the router reacts unpredictably. The origin address is rewritten as the IP address of the external interface by the device before being passed to the internal network. Upon receiving a request of this nature, the device will rewrite all future requests for services mapped to the WAN network, reporting their origin as that of the WAN interface.

This is known to be an issue for requests for port 80, if port 80 has been remapped to a host within the internal network. This may potentially be exploited to obscure the origin of attacks against a webserver in the internal network.


Privacy Statement
Copyright 2010, SecurityFocus