Routers Vulnerable to DNS Changes

Thursday, January 29, 2015 @ 04:01 PM gHale

DNS settings of some D-Link routers can end up changed without authorization via their web-based administration console.

No authentication is necessary for this attack, which can redirect users to malicious online locations hosting malware or phishing pages.

Router Flaw Found
90 Days: Google Reveals 3 OS X Zero Days
Google Discloses Windows 8.1 Flaw
Unpatched Windows 8.1 Hole Exposed

An exploit ended up created and published by Todor Donev, a member of the Bulgarian security research group Ethical Hacker. The goal of the organization is to establish a community of professionals bringing innovation in computer security.

His research focused primarily on the D-Link DSL-2740R device, but according to the advisory, other routers from the manufacturer suffer from the vulnerability as well. The researcher did not provide a list with the affected devices.

According to a D-Link product page, the DSL-2740R phased out and is no longer for sale. But that does not mean the routers are not seeing use. In addition, the end-of-life status also means support is still out there if the product is still under warranty.

DNS technology is responsible for translating domain names into the IP addresses of the servers hosting the website.

In the advisory published, Donev said changing the DNS (domain name system) settings is useful to cybercriminals.

Exploiting the vulnerability discovered by the researcher requires the router to be accessible from the Internet.

Closing outside access limits the possibility of an attack, although bypassing this measure can occur through a cross-site forgery request (CSRF) method, if a compromised website ends up accessed.

Leave a Reply

You must be logged in to post a comment.