D-Link routers vulnerable to DNS hijacking

Router. Image courtesy of Shutterstock.

Router. Image courtesy of Shutterstock.D-Link’s DSL-2740R router is susceptible to traffic rerouting and DNS hijacking, according to Bulgarian security researcher Todor Denev.

Unfortunately, Denev went public with his discovery before alerting D-Link or any other potentially affected manufacturer, in what could be argued to be an irresponsible form of disclosure.

The DSL-2740R is no longer a member of D-Link’s current line-up but is still supported.

At the time of writing, the product’s support page – perhaps unsurprisingly thanks to a lack of prior contact with Donev – makes no mention of the alleged vulnerability and the only security related information attached to the device comes via a FAQ which merely states which wireless security standards the product supports.

Donev says the vulnerability lies in the ZynOS firmware used by the modem/wireless router. The popularity of ZynOS means other routers manufactured by D-Link, as well as devices from TP-Link Technologies and ZTE, may also be at risk.

The flaw apparently allows an attacker to access the device’s web interface without the need for authentication.

If an administration panel is exposed to the internet – and we strongly recommend that you don’t do this! – then outsiders may be able to access and reconfigure your device’s DNS setting from afar.

Messing with your DNS settings is a simple but effective way for cybercrooks to direct you to imposter sites, replace adverts on legitimate sites, and even to block or redirect network traffic to keep you away from things like security updates.

This isn’t the first time for either D-Link or ZynOS.

In March 2014 Team Cymru, an internet security research organisation, discovered a network containing more than 300,000 compromised routers.

Prior to that, another D-Link security hole was found – “Joel’s Backdoor“, which provided easy backdoor access to the administration interface on a number of the company’s routers.

But of course it’s not only D-Link routers which have had their issues – in January 2014 we reported how Sercomm products, which include routers under the Linksys and Netgear brands, had their own issues surrounding unauthorised admin access.

Image of router courtesy of Shutterstock.