Menu
DNS hijacking vulnerability affects D-Link DSL router, possibly other devices

DNS hijacking vulnerability affects D-Link DSL router, possibly other devices

A vulnerability in ZynOS could spell trouble for users of routers from D-Link, TP-Link, ZTE and other manufacturers, a researcher said

A vulnerability found in a DSL router model from D-Link allows remote hackers to change its DNS (Domain Name System) settings and hijack users' traffic. The issue might also affect other devices because it is located in a popular firmware used by different manufacturers, according to a security researcher.

A proof-of-concept exploit was published Tuesday for the D-Link DSL-2740R model, a dual-function ADSL modem/wireless router device, which according to the D-Link support site has been phased out. This means the device is no longer being sold, but might still receive support if covered by warranty.

The exploit was created by Todor Donev, member of a Bulgarian security research outfit called Ethical Hacker, who claims that more devices from D-Link and other manufacturers might be affected.

The vulnerability is actually in ZynOS, a router firmware developed by ZyXEL Communications that's used in products from multiple networking equipment manufacturers, including D-Link, TP-Link Technologies and ZTE, Donev said via email.

Attackers don't need to have access credentials for the affected devices in order to exploit the vulnerability, but do need to be able to reach their Web-based administration interfaces, he said.

If the administration interface is exposed to the Internet -- routers are sometimes configured in this way for remote administration -- the risk of exploitation is higher. But even if it's only accessible from within the local area network, hackers can still use cross-site request forgery (CSRF) techniques to reach a router's interface.

CSRF attacks hijack users' browsers to perform unauthorized actions when they visit compromised sites or click on malicious links. Rogue code loaded from a website can instruct a browser to send specially crafted HTTP requests to LAN IP addresses that are usually associated with routers.

Large scale CSRF attacks against router owners that were designed to replace DNS servers configured on their devices with servers controlled by attackers were observed on the Internet in the past.

DNS servers have an important role. They translate website names that humans can understand into numerical IP addresses that computers use to speak with each other. If a router uses a malicious DNS server, attackers can direct computers served by that router to rogue servers when they attempt to access legitimate websites.

In March 2014, Internet security research organization Team Cymru uncovered a global attack campaign that compromised over 300,000 home routers and changed their DNS settings. A different vulnerability in ZynOS was exploited in that attack and one of the techniques used was likely CSRF.

Donev did not report the vulnerability to D-Link and as far as he knows it is currently a zero-day -- a name given to publicly disclosed, but unpatched vulnerabilities.

D-Link did not immediately respond to a request for comment sent Tuesday.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags Ethical HackerTp-link Technologiesonline safetysecurityAccess control and authenticationZTEZyXEL CommunicationsD-LinkExploits / vulnerabilitiesintrusion

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments