Tuesday, 3 February 2015

D-Link Routers Vulnerable To DNS Hijacking

Different routers network manufacturer D-Link contains a vulnerability which can modify a remote attacker without credentials the DNS settings of the devices. This allows the attacker to the movement of the hacked router running through its servers, reports PC World .

The vulnerability is in the ZyNOS router firmware, developed by manufacturer ZyXEL. In addition to D-Link's firmware is also used by other manufacturers, including TP-Link and ZTE. Through the leak is possible to get without a valid username and password to access the administration interface. The problem is both an administrative interface that is directly accessible via the Internet as an interface that is only accessible locally. In the latter case an attacker to perform a CSRF attack.

Once access to the interface, the attacker could change the DNS settings. The Domain Name System (DNS) is similar to the directory and translates among other domain names into IP addresses. The DNS hijacking an attacker can manipulate the movement of users. It is believed that the leak in the D-Link DSL-2740R and the D-Link DLS 320B. Both models are sold in the Netherlands, where the DLS 320B still being offered.

Researcher Todor Donev, who noticed the problem reported this to manufacturer D-Link, so there is no update available yet.Moreover, the DSL-2740R is a phased model. Donev opposes Threat Post that other models are vulnerable, but he does not have the resources to test all affected devices. Meanwhile, he has also put an exploit online to demonstrate the attack.

No comments:

Post a Comment