DNS settings on some router models by D-Link can be modified without permission via the administration menu, from the web.
Για την αλλαγή αυτή και την επίθεση, ουσιαστικά, δεν απαιτείται έλεγχος ταυτότητας, και μπορεί να χρησιμοποιηθεί για να ανακατευθύνει τους χρήστες σε κακόβουλες online τοποθεσίες, με επικίνδυνα script or even on phishing pages.
The report created by Todor Donev, a member of the Bulgarian Security Research Group Ethical Hacker, aims to establish a community of professionals that bring innovation to the field of computer security.
His research focused mainly on device of D-Link DSL-2740R, but according to the report published on Tuesday, other routers from the same manufacturer are also affected by this vulnerability. However, the researcher did not provide a list of the affected devices.
It's unclear if Donev contacted D-Link about the matter, as there's no word on an official release from the company's side about the problem. According to the official websiteσελίδα of the company, the DSL-2740R has been discontinued, meaning it is no longer for sale.
However, although the production of the model has stopped, it can still receive support, since the models being released and used are still covered by the manufacturer's warranty.
Technology DNS, is responsible for translation of domains to their IP addresses server hosting the websites. If the device is set to connect to one server DNS that manage scammers, the content the user sees will not be normal.
