A Bulgarian ethical hacker has found a hole in the firmware of D-Link routers that makes them vulnerable to remote changes of their DNS settings and, effectively, to traffic hijacking.
Todor Donev, a member of the Ethical Hacker research team, says that the vulnerability is in the ZyNOS firmware of the device, D-Link’s DSL-2740R ADSL modem/wireless router.
The firmware is used in gear made by D-Link, TP-Link Technologies and ZTE.
The flaw allows attackers to access the device’s Web administration interface without authentication and, through it, to modify the DNS settings. With the DNS settings changed, they could redirect users to malware-laden and phishing sites and prevent them from visiting legitimate sites for OS and software updates (including security software).
Donev released exploit code for the flaw in a security advisory and said that it could be exploited remotely if the device’s interface is exposed to the Internet.
It is not the first time that the firmware has been found a little holey. In March 2014, Internet security research organization Team Cymru uncovered a global attack campaign that compromised over 300,000 home routers and changed their DNS settings. A different vulnerability in ZyNOS was exploited in that attack, and one of the techniques used was likely CSRF.