DNS hijacking vulnerability affects D-Link DSL router, possibly other devices

A vulnerability in ZynOS could spell trouble for users of routers from D-Link, TP-Link, ZTE and other manufacturers, a researcher said

A vulnerability found in a DSL router model from D-Link allows remote hackers to change its DNS (Domain Name System) settings and hijack users' traffic. The issue might also affect other devices because it is located in a popular firmware used by different manufacturers, according to a security researcher.

A proof-of-concept exploit was published Tuesday for the D-Link DSL-2740R model, a dual-function ADSL modem/wireless router device, which according to the D-Link support site has been phased out. This means the device is no longer being sold, but might still receive support if covered by warranty.

The exploit was created by Todor Donev, a member of a Bulgarian security research outfit called Ethical Hacker, who claims that more devices from D-Link and other manufacturers might be affected.

The vulnerability is actually in ZynOS, a router firmware developed by ZyXEL Communications that's used in products from multiple networking equipment manufacturers, including D-Link, TP-Link Technologies and ZTE, Donev said via email.

Attackers don't need to have access credentials for the affected devices in order to exploit the vulnerability, but do need to be able to reach their Web-based administration interfaces, he said.

If the administration interface is exposed to the Internet -- routers are sometimes configured in this way for remote administration -- the risk of exploitation is higher. But even if it's only accessible from within the local area network, hackers can still use cross-site request forgery (CSRF) techniques to reach a router's interface.

CSRF attacks hijack users' browsers to perform unauthorized actions when they visit compromised sites or click on malicious links. Rogue code loaded from a website can instruct a browser to send specially crafted HTTP requests to LAN IP addresses that are usually associated with routers.

Large-scale CSRF attacks against router owners, designed to replace the DNS servers configured on their devices with servers controlled by attackers, have been observed on the Internet in the past.

DNS servers have an important role. They translate website names that humans can understand into numerical IP addresses that computers use to speak with each other. If a router uses a malicious DNS server, attackers can direct computers served by that router to rogue servers when they attempt to access legitimate websites.
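A defender-side check for the situation described above, added here as an example that is not part of the original article: it audits the DNS resolvers a client has been handed against the ones the network owner expects. The sample resolv.conf text, the `EXPECTED_RESOLVERS` allowlist and all addresses (documentation ranges) are constructed assumptions.

```python
import ipaddress

# Constructed sample: resolv.conf-style text as a client might receive via DHCP.
SAMPLE_RESOLV_CONF = """\
# written by DHCP client (constructed sample)
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 198.51.100.10
nameserver not-an-ip
"""

# Assumption: the resolvers this network is supposed to use (placeholder range).
EXPECTED_RESOLVERS = ["198.51.100.0/24"]
# Addresses that mean "the router or this host is forwarding DNS for us".
LAN_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"]


def parse_nameservers(text):
    """Return the nameserver values from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def classify(server, expected=EXPECTED_RESOLVERS):
    """Label one resolver: expected, local-forwarder, unexpected or invalid."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if any(addr in ipaddress.ip_network(net) for net in expected):
        return "expected"
    if any(addr in ipaddress.ip_network(net) for net in LAN_NETS):
        # The router answers DNS itself; its upstream servers must be
        # verified in the router's own configuration.
        return "local-forwarder"
    return "unexpected"


def audit(text, expected=EXPECTED_RESOLVERS):
    """Map each configured resolver to its classification."""
    return {s: classify(s, expected) for s in parse_nameservers(text)}


if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_RESOLV_CONF).items():
        print(f"{server:15} {verdict}")
```

A `local-forwarder` verdict is not a clean result: the client only sees the router's LAN address, so a changed upstream DNS setting on the router itself stays invisible until the router's configuration is inspected.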

In March 2014, Internet security research organization Team Cymru uncovered a global attack campaign that compromised over 300,000 home routers and changed their DNS settings. A different vulnerability in ZynOS was exploited in that attack and one of the techniques used was likely CSRF.

Donev did not report the vulnerability to D-Link and, as far as he knows, it is currently a zero-day -- a name given to publicly disclosed but unpatched vulnerabilities.

D-Link did not immediately respond to a request for comment sent Tuesday.


Lucian Constantin

IDG News Service