DNS Hijack in D-Link Routers, No Authentication Required

remote vulnerability in popular dlink router

There is a remotely exploitable domain name system hijack vulnerability in D-Link’s DSLR2740R router.

D-Link’s popular DSL2740R wireless router is vulnerable to domain name system (DNS) hijacking exploits that requiring no authentication to access its administrative interface.

According to Todor Donev of the Bulgarian security firm Ethical Hacker, a number of other D-Link routers are affected by this bug as well, particularly the DLS-320B. PCWorld is reporting that the vulnerability exists in a widely deployed piece of router firmware called ZynOS, which is developed by ZyXEL Communications Corporation.

Donev told Threatpost in an email interview that some other D-Link devices are affected as well, but that he lacks the resources to perform an exhaustive test of all potentially affected devices.

In a post on PacketStorm, Donev warns that an attacker could modify the DNS settings on affected routers and reroute traffic through foreign DNS servers that are set up by criminals. The ultimate goal of a DNS hijack is to quietly redirect user traffic from legitimate websites to malicious ones.

However, Donev said an attacker could also modify router settings in order to manipulate the advertisements that users see, replacing legit ads with malicious ones on the sites they visit. An attacker could also prevent users from receiving operating system and other software and security updates, and directly push malware onto affected systems.

In order to exploit the bug, an attacker would have to either be on the router’s network or the router would have to be publicly accessible.

Threatpost reached out to Dlink but the company did not respond to our request for comment before publication.

Suggested articles