D-Link DSL-2640B ADSL Router - 'dnscfg' Remote DNS Change

Details of BNVL-2018-0052

What does the BNVL label mean?

BitNinja Server Security's BNVL identifiers are intended to identify publicly known information security vulnerabilities in publicly released software packages. This project was designed to collect and analyze attack information from the BitNinja network after cluster analysis by the AI-powered Attack Vector Miner. More than 100 vulnerability types have been discovered with this project so far, so we decided to publish this platform to help keep Linux server owners up to date.

Important! All listed BNVL vulnerabilities are protected by BitNinja PRO, so please check your configurations if your infrastructure is affected by any of them.

Syntax for BNVL labels:

BNVL prefix + Year + Arbitrary Digits

BNVL identifiers are free to use in any related security reports, web pages or e-mails.

Name: D-Link DSL-2640B ADSL Router - 'dnscfg' Remote DNS Change

CVE ID: (Not set)

Related links:

Description: The vulnerability exists in the web interface, which is accessible without authentication. Once the DNS settings are modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with vulnerable systems or devices who try to access certain sites are instead redirected to possibly malicious sites. Modifying systems' DNS settings allows cybercriminals to perform malicious activities like:

o Steering unknowing users to bad sites: These sites can be phishing pages that spoof well-known sites in order to trick users into handing out sensitive information.
o Replacing ads on legitimate sites: Visiting certain sites can serve users with infected systems a different set of ads from those whose systems are not infected.
o Controlling and redirecting network traffic: Users of infected systems may not be granted access to download important OS and software updates from vendors like Microsoft and from their respective security vendors.
o Pushing additional malware: Infected systems are more prone to other malware infections (e.g., FAKEAV infection).

Incident volume (Last 14 days)