A German beveiligingsonderzoeker warns owners of four different routers from the company TP-Link to their firmware version to check and, if necessary, to update the software. Hackers would be a bug asset abuses which the dns server is easy to change.
Beveiligingsonderzoeker Jakob Lell reports on his blog that the firmware of four router models vulnerable. It comes to the TP-Link WR1043ND V1, TL-MR3020, TL-WDR3600 and WR710N. These routers contain a bug in the firmware which via a relatively simple javascript-exploit the dns server can be changed.
Lell said that he is a server designed as a ‘honeypot’ by a vulnerable router from TP-Link to emulate. Thus he discovered at least five websites which, via a targeted exploit the dns server was changed. This allows an attacker, among other passwords city by allowing users to route to sites with malware. Also can traffic be intercepted or advertisements on sites can be changed to other ad servers.
The beveiligingsonderzoeker allows users such router from TP-Link offer as soon as possible, the latest firmware should install. Also describes the German, a method which is relatively fast to check whether a router is vulnerable.