A vulnerability in Zyxeltech’s ZynOS firmware, which is used in numerous DSL routers globally, is exposing many of the devices to a DNS hijacking attack.
Todor Donev, a member of the Bulgarian security research group Ethical Hacker, revealed the vulnerability which allows hackers to change the DNS settings on routers running the ZynOS firmware.
“The vulnerability exists in the web interface, which is accessible without authentication,” said Donev.
“Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals,” Donev explained.
Compromised routers will allow hackers to redirect a user’s traffic to malicious sites, and steal personal information.
A user accessing a banking site, for example, may be redirected to a phishing site which will gather sensitive information.
Other attacks may include pushing malware to users, and even replacing ads on legitimate sites.
According to The Stack, the attack will “work most easily on affected routers which are configured for remote administration, but can also be implemented via Cross-Site Request Forgery (CSRF)”.
Some of the routers affected include D-Link’s DSL-2740R ADSL router, as well as DSL routers from TP-Link and ZTE.