D-Link Router Command Injection Flaw Actively Explo
D-Link has officially acknowledged unauthenticated command injection vulnerabilities impacting several of its routers deployed globally.
Active exploitation campaigns using DNS hijacking have been documented since late 2016, with threat actors continuing malicious activities through 2019 and beyond.
Multiple D-Link router models remain vulnerable to remote DNS modification attacks through unauthenticated web interfaces.
The vulnerabilities allow attackers to change Domain Name Server settings without authentication, redirecting user traffic to malicious infrastructure.
Exploitation Campaign Details
Security researchers have documented ongoing exploitation campaigns targeting home users and enterprise networks across multiple continents.
The affected routers lack proper input validation in their web configuration interfaces, allowing attackers to manipulate critical network settings remotely.
This vulnerability class poses a significant risk for DNS hijacking, malware distribution, and traffic interception. An extensive malvertising campaign first reported in December 2016 targeted at least 166 router models across multiple manufacturers, including D-Link.
Threat actors leveraged DNS hijacking to redirect users toward malicious advertisement servers and phishing infrastructure.
Security researchers discovered that attackers maintained persistent control over compromised routers by modifying DNS configurations, effectively intercepting all user traffic.
By April 2019, threat intelligence teams documented ongoing DNS hijacking activities targeting D-Link routers for three consecutive months.
Attackers utilized Google Cloud Platform infrastructure to launch attacks, distributing the DNSChanger malware variant. The vulnerability’s severity increased as threat actors developed automation tools and publicly disclosed exploits.
Affected Products and Firmware Versions
The following D-Link router models contain unauthenticated DNS modification vulnerabilities:
| Model | Hardware Revision | Region | Affected Firmware | CVE/Exploit-DB |
|---|---|---|---|---|
| DSL-2740R | All Rev. A | Europe | EU v1.15 and older | EDB-35917 |
| DSL-2640B | All Rev. T | Malaysia | GE v1.07 and older | EDB-42197 |
| DSL-2780B | All Rev. A | AU/NZ/EU | v1.01.14 and older | EDB-37237 |
| DSL-526B | All Rev. B | Australia | AU v2.01 and older | EDB-37241 |
Note: These models are primarily deployed outside the United States through regional carriers using custom firmware configurations.
D-Link recommends users perform factory resets, establish unique administrative passwords, and manually configure DNS settings using trusted providers.
Contact your regional carrier for official firmware patches. Alternatively, configure DNS servers directly through the device’s web interface at http://192.168.0.1 using Google DNS (8.8.8.8) or Cloudflare DNS (1.1.1.1).
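After resetting the router and setting DNS by hand, it is worth confirming which resolvers a client actually received. The script below is an added example, not code from D-Link or the original report; it assumes a Linux-style resolv.conf, treats the two resolvers named above as the allowlist, and uses a constructed sample file.

```python
import ipaddress

# Resolvers the article suggests configuring manually (Google DNS, Cloudflare DNS).
TRUSTED = {ipaddress.ip_address(a) for a in ("8.8.8.8", "1.1.1.1")}
# Private, loopback and link-local ranges: a router or local stub that forwards queries.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample; 203.0.113.53 is a documentation-range address, not a real resolver.
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client (constructed sample)
nameserver 192.168.0.1
nameserver 8.8.8.8
nameserver 203.0.113.53
search lan
"""


def parse_nameservers(text):
    """Return the nameserver addresses found in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.strip().split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue  # comments, blank lines, other directives
        try:
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
        except ValueError:
            continue  # malformed address, skip
    return servers


def audit_resolvers(text, trusted=TRUSTED):
    """Map each resolver to 'trusted', 'local' or 'unexpected'."""
    findings = {}
    for addr in parse_nameservers(text):
        if addr in trusted:
            findings[str(addr)] = "trusted"
        elif any(addr in net for net in LOCAL_NETS):
            # The router answers DNS itself; its upstream setting must be checked on the device.
            findings[str(addr)] = "local"
        else:
            # Public resolver nobody chose: what a router with modified DNS hands out via DHCP.
            findings[str(addr)] = "unexpected"
    return findings


if __name__ == "__main__":
    for server, verdict in audit_resolvers(SAMPLE_RESOLV_CONF).items():
        print(f"{server}: {verdict}")
```

A "local" verdict only shows that the router is acting as the forwarder, so the upstream DNS fields in its web interface still need to be checked directly.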