D-Link’s DSL-2740R router is susceptible to traffic rerouting and DNS hijacking, according to Bulgarian security researcher Todor Donev.
Unfortunately, Donev went public with his discovery before alerting D-Link or any other potentially affected manufacturer, in what could be argued to be an irresponsible form of disclosure.
The DSL-2740R is no longer a member of D-Link’s current line-up but is still supported.
At the time of writing, the product’s support page – perhaps unsurprisingly thanks to a lack of prior contact with Donev – makes no mention of the alleged vulnerability, and the only security-related information attached to the device comes via a FAQ which merely states which wireless security standards the product supports.
Donev says the vulnerability lies in the ZynOS firmware used by the modem/wireless router. The popularity of ZynOS means other routers manufactured by D-Link, as well as devices from TP-Link Technologies and ZTE, may also be at risk.
The flaw apparently allows an attacker to access the device’s web interface without the need for authentication.
If an administration panel is exposed to the internet – and we strongly recommend that you don’t do this! – then outsiders may be able to access and reconfigure your device’s DNS setting from afar.
Messing with your DNS settings is a simple but effective way for cybercrooks to direct you to imposter sites, replace adverts on legitimate sites, and even to block or redirect network traffic to keep you away from things like security updates.
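As an added illustration (not part of the original article): on a client that receives its DNS servers from the router over DHCP, a changed router DNS setting shows up in the client's resolver configuration. The Python below audits resolv.conf-style text against an allow-list; the allow-list addresses and the sample file are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Assumption: the resolvers you expect to use. Documentation-range placeholders.
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}

# Addresses that can only be a local stub or the router itself.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def parse_nameservers(resolv_conf_text):
    """Return nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for line in resolv_conf_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1].split("%", 1)[0])  # drop IPv6 zone id
    return servers

def audit_resolvers(resolv_conf_text, expected=EXPECTED_RESOLVERS):
    """Classify each configured resolver: expected, local-forwarder,
    unexpected (possible hijack) or invalid."""
    expected_addrs = {ipaddress.ip_address(e) for e in expected}
    findings = {}
    for server in parse_nameservers(resolv_conf_text):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            findings[server] = "invalid"
            continue
        if addr in expected_addrs:
            findings[server] = "expected"
        elif any(addr.version == n.version and addr in n for n in LOCAL_NETS):
            findings[server] = "local-forwarder"
        else:
            findings[server] = "unexpected"
    return findings

# Constructed sample, not taken from a real device.
SAMPLE = """# written by DHCP client
nameserver 192.0.2.53
nameserver 203.0.113.77
nameserver 192.168.1.1
"""

if __name__ == "__main__":
    for server, verdict in audit_resolvers(SAMPLE).items():
        print(f"{server:16} {verdict}")
```

A `local-forwarder` result means the client only sees the router or a local stub, so the router's own DNS setting still has to be checked in its admin interface.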
This isn’t the first time for either D-Link or ZynOS.
In March 2014 Team Cymru, an internet security research organisation, discovered a network containing more than 300,000 compromised routers.
Prior to that, another D-Link security hole was found – “Joel’s Backdoor”, which provided easy backdoor access to the administration interface on a number of the company’s routers.
But of course it’s not only D-Link routers which have had their issues – in January 2014 we reported how Sercomm products, which include routers under the Linksys and Netgear brands, had their own issues surrounding unauthorised admin access.
Given the ever-increasing reports of WiFi routers having fundamental security flaws, I’m starting to wonder how ‘Secure’ most of us are.
Is there a website (or other resource) that lists which routers are ‘less secure’ than they should be?
I imagine many people are like me, looking at the WiFi router and wondering if it is secure and/or how to tell.
One of my routers is a few years (5) old. Despite configuring it to be secure, I’m unsure what exploits and hacks may exist for it.
I should replace my WiFi router, but with what? No vendor/retailer is going to disclose that their product has a security hole. So how do I know whether a new router is going to be any more secure than what I have now?
Where can we find Donev’s post or more info?
D-Link has been on my black list for a while, so it won’t affect me. But, I feel the pain of other owners.
However, my pain may help some of you out: If you ever need to upgrade the firmware, don’t follow their instructions. Get their tech support on the line and have them walk you through the process.
This isn’t because the instructions are wrong. It’s because they don’t always work, and they leave you with a non-functioning device that D-Link will refuse to fix. The tech I talked to said “you shouldn’t do that”, and then refused to work further with me. After a few more calls with similar responses, they stopped taking my calls.
This was all due to a problem they knew about 2 years earlier, but never fixed. So, if YOU break their router, they seem to think they’re absolved of responsibility. Perhaps if they are walking you through the process, they may admit responsibility, so you don’t end up with a $300 brick, like I did.
Just a minor correction – Linksys should not have a capital ‘S’.
Fixed, thanks.
I am not sure if this fix will apply to DSL-2740R, but it fixed the issue on D-Link 2520U.
Fix for DNS hijacking issue on D-Link DSL 2520U.
Go to the modem interface. Click on Advance – Remote Management. Under Remote Management settings, tick the Enable Remote Management option. Leave the Remote Admin Port at the default 80. Select the Deny All option for Remote Admin Inbound Filter. The next options Details automatically becomes No one is allowed. Click on Apply settings and restart the modem. The DNS server will never get changed now or hijacked. Before I enabled Remote Management, the DNS server would get hijacked and change daily or sometimes within a couple of hours and my internet performance and speed decreased till I changed the DNS server manually.
The DNS server on my modem is now unchanged for a month now since I enabled the Remote Management settings.