D-Link Routers Vulnerable To DNS Hijacking

An anonymous reader writes At least one and likely more D-Link routers as well as those of other manufacturers using the same firmware are vulnerable to remote changing of DNS settings and, effectively, traffic hijacking, a Bulgarian security researcher has discovered. Todor Donev, a member of the Ethical Hacker research team, says that the vulnerability is found in the ZynOS firmware of the device, D-Link's DSL-2740R ADSL modem/wireless router. The firmware in question is implemented in many networking equipment manufactured by D-Link, TP-Link Technologies and ZTE.

Re:Manual config

[wierd_w]

The hardware isnt all that bad most of the time, it's the shitty horrible firmwares they run.

Frequently, it's an old, horribly butchered hackjob of openwrt under there these days. Something unholy running a 2.6 era kernel, and with drivers with more hacked patches attached than a 4th century beggar's clothes.

Getting that old filth flushed out and replaced with something properly maintained is a GOOD thing. The router (hw wise) itself usually isnt all that bad.

Netgear tends to be a bit better, but overpriced. Belkin can go die in a fire though.

Why leave remote administration on?

[ciscoguy01]

Why leave remote administration on?
I would avoid opening the web UI of any home router on the WAN side.
It's mostly unnecessary and a needless security exposure.

Re:Every day

[FatdogHaiku]

When a binary and an analog love each other, that's all that matters.
How they compile in the privacy of their home is no ones business.
And soon you may hear the pitter patter of little dependencies...