###D-Link DSL-2640R Unauthenticated Remote DNS Change Vulnerability##Firmware Version: UK_1.06 Hardware Version: B1##Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>##https://ethical-hacker.org/#https://facebook.com/ethicalhackerorg/##Description:#The vulnerability exist in the web interface.#D-Link's various routers are susceptible to unauthorized DNS change. #The problem is when entering an invalid / wrong user and password.##ACCORDING TO THE VULNERABILITY DISCOVERER, MORE D-Link #DEVICES MAY AFFECTED.##Once modified, systems use foreign DNS servers,which are #usually set up by cybercriminals. Users with vulnerable #systems or devices who try to access certain sites are #instead redirected to possibly malicious sites.##Modifying systems' DNS settings allows cybercriminals to #perform malicious activities like:##oSteering unknowing users to bad sites: # These sites can be phishing pages that # spoof well-known sites in order to # trick users into handing out sensitive # information.##oReplacing ads on legitimate sites: # Visiting certain sites can serve users # with infected systems a different set # of ads from those whose systems are # not infected.# #oControlling and redirecting network traffic: # Users of infected systems may not be granted # access to download important OS and software # updates from vendors like Microsoft and from # their respective security vendors.##oPushing additional malware: # Infected systems are more prone to other # malware infections (e.g., FAKEAV infection).##
Proof of Concept:
http://<TARGET>/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary=<MALICIOUS DNS>&dnsSecondary=<MALICIOUS DNS>
