D-Link DSL-2640R – DNS Change

• Exploit Database
• 143 阅读

• 作者： Todor Donev
  日期： 2018-01-17
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/43678/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55

  # # #D-Link DSL-2640R Unauthenticated Remote DNS Change Vulnerability # #Firmware Version: UK_1.06 Hardware Version: B1 # #Copyright 2018 (c) Todor Donev <todor.donev at gmail.com> # #https://ethical-hacker.org/ #https://facebook.com/ethicalhackerorg/ # #Description: #The vulnerability exist in the web interface. #D-Link&apos;s various routers are susceptible to unauthorized DNS change. #The problem is when entering an invalid / wrong user and password. # #ACCORDING TO THE VULNERABILITY DISCOVERER, MORE D-Link #DEVICES MAY AFFECTED. # #Once modified, systems use foreign DNS servers,which are #usually set up by cybercriminals. Users with vulnerable #systems or devices who try to access certain sites are #instead redirected to possibly malicious sites. # #Modifying systems&apos; DNS settings allows cybercriminals to #perform malicious activities like: # #oSteering unknowing users to bad sites: # These sites can be phishing pages that # spoof well-known sites in order to # trick users into handing out sensitive # information. # #oReplacing ads on legitimate sites: # Visiting certain sites can serve users # with infected systems a different set # of ads from those whose systems are # not infected. # #oControlling and redirecting network traffic: # Users of infected systems may not be granted # access to download important OS and software # updates from vendors like Microsoft and from # their respective security vendors. # #oPushing additional malware: # Infected systems are more prone to other # malware infections (e.g., FAKEAV infection). # #   Proof of Concept:   http://<TARGET>/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary=<MALICIOUS DNS>&dnsSecondary=<MALICIOUS DNS>