DNS hijacking vulnerability affects D-Link DSL router, possibly other devices

A vulnerability in ZynOS could spell trouble for users of routers from D-Link, TP-Link, ZTE and other manufacturers, a researcher said

A vulnerability found in a DSL router model from D-Link allows remote hackers to change its DNS (Domain Name System) settings and hijack users' traffic. The issue might also affect other devices because it is located in a popular firmware used by different manufacturers, according to a security researcher.

A proof-of-concept exploit was published Tuesday for the D-Link DSL-2740R model, a dual-function ADSL modem/wireless router device, which according to the D-Link support site has been phased out. This means the device is no longer being sold, but might still receive support if covered by warranty.

The exploit was created by Todor Donev, a member of a Bulgarian security research outfit called Ethical Hacker, who claims that more devices from D-Link and other manufacturers might be affected.

The vulnerability is actually in ZynOS, a router firmware developed by ZyXEL Communications that's used in products from multiple networking equipment manufacturers, including D-Link, TP-Link Technologies and ZTE, Donev said via email.

Attackers don't need to have access credentials for the affected devices in order to exploit the vulnerability, but do need to be able to reach their Web-based administration interfaces, he said.

If the administration interface is exposed to the Internet -- routers are sometimes configured in this way for remote administration -- the risk of exploitation is higher. But even if it's only accessible from within the local area network, hackers can still use cross-site request forgery (CSRF) techniques to reach a router's interface.

CSRF attacks hijack users' browsers to perform unauthorized actions when they visit compromised sites or click on malicious links. Rogue code loaded from a website can instruct a browser to send specially crafted HTTP requests to LAN IP addresses that are usually associated with routers.

Large-scale CSRF attacks against router owners, designed to replace the DNS servers configured on their devices with servers controlled by attackers, have been observed on the Internet in the past.

DNS servers have an important role. They translate website names that humans can understand into numerical IP addresses that computers use to speak with each other. If a router uses a malicious DNS server, attackers can direct computers served by that router to rogue servers when they attempt to access legitimate websites.
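A defender-side check for the DNS change described above, as an added example that is not part of the original article: it parses a client's resolv.conf-style resolver list and flags any DNS server outside the set the owner configured. The sample file, the expected list and the function names are constructed for illustration, and the addresses come from documentation ranges.

```python
import ipaddress

# Constructed sample: a client's resolver file after its router began handing out
# a changed DNS server (192.0.2.0/24 and 203.0.113.0/24 are documentation ranges).
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client (constructed sample)
search home.example
nameserver 192.0.2.53
nameserver 203.0.113.66   # not one we configured
nameserver fe80::1%eth0
nameserver not-an-ip
options timeout:2
"""

# Assumption: the resolvers the owner intentionally configured on the router.
EXPECTED = ["192.0.2.53", "192.0.2.54", "fe80::/10"]


def parse_nameservers(text):
    """Return the raw nameserver values from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def unexpected_resolvers(text, expected):
    """List (value, reason) for every resolver outside the expected set."""
    nets = [ipaddress.ip_network(e, strict=False) for e in expected]
    findings = []
    for raw in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(raw.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            findings.append((raw, "not a valid IP address"))
            continue
        if not any(addr.version == n.version and addr in n for n in nets):
            findings.append((raw, "not in expected resolver list"))
    return findings


if __name__ == "__main__":
    for value, reason in unexpected_resolvers(SAMPLE_RESOLV_CONF, EXPECTED):
        print(f"ALERT resolver {value}: {reason}")
```

This only sees a change when the router passes its configured DNS servers on to clients; if the router hands out its own address and forwards queries itself, the setting has to be checked on the router's administration page instead.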

In March 2014, Internet security research organization Team Cymru uncovered a global attack campaign that compromised over 300,000 home routers and changed their DNS settings. A different vulnerability in ZynOS was exploited in that attack and one of the techniques used was likely CSRF.

Donev did not report the vulnerability to D-Link and, as far as he knows, it is currently a zero-day -- a name given to publicly disclosed but unpatched vulnerabilities.

D-Link did not immediately respond to a request for comment sent Tuesday.


Lucian Constantin

IDG News Service