Tuesday, February 3, 2015

D-Link Router Vulnerability - CONFIRMED

D-Link’s popular DSL2740R wireless router is vulnerable to domain name system (DNS) hijacking exploits that requiring no authentication to access its administrative interface.

According to Todor Donev of the Belgian security firm Ethical Hacker, a number of other D-Link routers are affected by this bug as well, particularly the DLS-320B. PCWorld is reporting that the vulnerability exists in a widely deployed piece of router firmware called ZynOS, which is developed by ZuXEL Communications Corporation.

The troubling part of this issue is that it appears as though this and a few other bugs are allowing law enforcement to monitor the activities of individuals utilizing this hardware. We previously reported on similar vulnerabilities with Linksys hardware that allows similar interception without the end user being aware and allows Cisco to monitor customer usage of devices. For this reason we do not allow Cisco or Linksys hardware in our secured networking environment.

No comments:

Post a Comment