- Dec 30, 2012
- 4,809
D-Link’s popular DSL2740R wireless router is vulnerable to domain name system (DNS) hijacking exploits that requiring no authentication to access its administrative interface. According to Todor Donev of the Bulgarian security firm Ethical Hacker, a number of other D-Link routers are affected by this bug as well, particularly the DLS-320B. PCWorld is reporting that the vulnerability exists in a widely deployed piece of router firmware called ZynOS, which is developed by ZuXEL Communications Corporation. Related Posts Lizard Squad’s DDoS-For-Hire Service Built on Hacked Home Routers January 12, 2015 , 1:24 pm Attackers Compromise ICANN, Access Zone Files System December 17, 2014 , 7:46 pm Shellshock Worm Exploiting Unpatched QNAP NAS Devices December 15, 2014 , 11:35 am Donev told Threatpost in an email interview that some other D-Link devices are affected as well, but that he lacks the resources to perform an exhaustive test of all potentially affected devices. In a post on PacketStorm, Donev warns that an attacker could modify the DNS settings on affected routers and reroute traffic through foreign DNS servers that are set up by criminals. The ultimate goal of a DNS hijack is to quietly redirect user traffic from legitimate websites to malicious ones.
Read More
Read More