New claim: D-Link router exposes unprotected config controls to web – DNS hijackers, ahoy!

Zero-day exploit code already published


D-Link's DSL-2740R router, and possibly more like it, are allegedly vulnerable to DNS hijacking – which hackers can exploit to lure victims to dodgy websites and servers.

According to Bulgarian security researcher Todor Donev, the flaw lies in certain builds of ZyXEL's ZynOS firmware, which is used in network hardware from TP-Link Technologies, ZTE and D-Link. The affected kit is aimed at homes and small businesses.

Routers running the vulnerable software expose their internal web servers to the open internet, Donev claims, and allow anyone to remotely configure the devices without having to log in. An attacker just needs a victim's public IP address – which can be found by scanning the net – and to fire off an HTTP request along the lines of:

http://x.x.x.x/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary=a.a.a.a

It sounds very similar to the vulnerabilities found in ADB Pirelli routers last month.

Donev went public about the D-Link vulnerability without notifying the affected vendors.

By screwing around with a user's DNS settings, it's entirely possible PCs on the network will pick up the new name server IP addresses via DHCP and use them to connect to websites and other systems on the internet. If these name servers are malicious, they could point browsers at websites booby-trapped to infect computers with malware, or bogus login pages to harvest passwords.

Said login pages could be dressed up as a legit webmail or online banking site; if a victim doesn't notice that the site isn't HTTPS protected with the correct certificate, they are going to have a really bad time if they type in their username and password.
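A defender's view of the request quoted above, as an added example (not code from the article or from Donev): it scans gateway or web-proxy access logs, assumed here to be in Common Log Format, for requests to the `/Forms/dns_1` form and flags any that set `dnsPrimary` to a resolver outside an allowlist. The log lines, addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs, unquote

DNS_FORM_PATH = "/forms/dns_1"  # path from the quoted request, lower-cased
DNS_PARAM = "dnsPrimary"        # parameter from the quoted request

# Common Log Format: source, ident, user, [time], "METHOD target proto", status
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation address ranges only).
SAMPLE_LOG = [
    '198.51.100.23 - - [01/Feb/2015:10:12:01 +0000] "GET /Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary=203.0.113.66 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Feb/2015:10:15:44 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '192.0.2.10 - - [01/Feb/2015:11:02:09 +0000] "GET /Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary=192.0.2.53 HTTP/1.1" 200 512',
    '198.51.100.77 - - [01/Feb/2015:12:30:00 +0000] "GET /forms/DNS%5F1?dnsPrimary=not-an-ip HTTP/1.1" 404 0',
]

def _norm_ip(value):
    """Return the canonical form of an IP address, or None if it is not one."""
    try:
        return str(ipaddress.ip_address(value.strip()))
    except ValueError:
        return None

def find_dns_change_requests(lines, trusted_resolvers):
    """Return one record per logged request that tries to set the router's DNS."""
    trusted = {_norm_ip(r) for r in trusted_resolvers}
    trusted.discard(None)
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not an access-log line we understand
        source, when, target, status = m.groups()
        url = urlsplit(target)
        # Decode percent-escapes and ignore case so trivial variations still match.
        if unquote(url.path).lower() != DNS_FORM_PATH:
            continue
        values = parse_qs(url.query).get(DNS_PARAM)
        if not values:
            continue
        hits.append({
            "source": source, "time": when, "status": int(status),
            "resolvers": values,
            # Anything unparsable or off the allowlist deserves a look.
            "suspicious": any(_norm_ip(v) not in trusted for v in values),
        })
    return hits
```

A hit with a 200 status and a resolver off the allowlist is the case to chase first: check the router's current DNS settings and what clients received over DHCP.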

Donev has published a proof-of-concept exploit for the D-Link DSL-2740R, a dual-function ADSL modem/wireless router device. This particular device has been discontinued from sale but is still supported.

El Reg asked D-Link to comment on Friday, but we've yet to hear back from the networking firm which, in fairness, seems to have been given no advance warning of trouble ahead. We will update this story if we learn more. ®
