D-Link routers vulnerable to DNS hijacking

At least one and likely more D-Link routers as well as those of other manufacturers using the same firmware are vulnerable to remote changing of DNS settings and, effectively, traffic hijacking, a Bulgarian security researcher has discovered.

Todor Donev, a member of the Ethical Hacker research team, says that the vulnerability is found in the ZynOS firmware of the device, D-Link’s DSL-2740R ADSL modem/wireless router. 

The firmware in question is implemented in many networking equipment manufactured by D-Link, TP-Link Technologies and ZTE, he noted for Computerworld.