DNS settings on some router models by D-Link can be modified without permission via the administration menu, from the web.
For the change this attack essentially requires no authentication, and can be used to redirect users to malicious online sites, with dangerous scripts or even phishing pages.
The resulting report was published by Todor Donev, a member of the Bulgarian security research group Ethical Hacker, whose goal is to establish a community of professionals who bring innovation to the field of better safetyof computers.
His investigation focused mainly on the D-Link DSL-2740R device, but according to the report published on Tuesday, other routers from the same manufacturer are also affected by this vulnerability. But the researcher did not give a list of them Appliances affected.
It's unclear if Donev contacted D-Link about it theme, as there is no information about an official release from the company's side about the problem. According to the company's official website, the DSL-2740R has been discontinued, which means it is no longer for sale.
However, although the production of the model has stopped, it can still receive support, since the models being released and used are still covered by the manufacturer's warranty.
Technology DNS, is responsible for translating domains into their IP addresses server hosting the websites. If the device is set to connect to one server DNS that manage scammers, the content the user sees will not be normal.