DNS settings on some router models by D-Link can be modified without permission via the administration menu, from the web.
For this change and attack, virtually no authentication is required, and can be used to redirect users to malicious online sites, dangerous scripts, or even phishing pages.
The report created by Todor Donev, a member of the Bulgarian Security Research Group Ethical Hacker, aims to establish a community of professionals that bring innovation to the field of computer security.
His research focused mainly on the D-Link DSL-2740R, but according to the report released on Tuesday, other routers from the same manufacturer are affected by this vulnerability. But the researcher did not list the affected devices.
It is unclear whether Donev contacted D-Link on the matter, as there is no information about an official release from the company on the issue. According to the company's official website, the DSL-2740R has been scrapped, which means it is no longer for sale.
However, although the production of the model has stopped, it can still receive support, since the models being released and used are still covered by the manufacturer's warranty.
Technology DNS, is responsible for translating domains into their IP addresses server hosting the websites. If the device is set to connect to one server DNS that manage scammers, the content the user sees will not be normal.