Full advisory -
https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10091
Overview On August 10, 2018, Radware disclosed that D-Link Brand DSL Gateways maybe suseptible to DNS security vulnerabilites. D-Link is aware and is investigating this report.
Affected Products Currently, D-Link has been informed that the following Non-US D-Link Branded Devices may be affected:
DSL-2740R
DSL-2640B
DSL-2780B
DSL-2730B
DSL-526B
Recommendations To mitigate risks, please ensure your connected devices are running the most up-to-date firmware (https://support.dlink.com) and are secured with a strong passwords. An additional or alternative defense for this specific issue is not to alllow devices to get their DNS infomration from the gateway. To disable the use of the gateway DNS settings from being used, configure each connected device to use a trusted DNS server, such as 1.1.1.1 from Cloudflare or 8.8.8.8 from Google. These settings, which are made in the operating system of the connecting device, will override any settings made by the gateway.
D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and help providet appropriate security measures. D-Link will continuously provide updates signed using our new digital certificates.
Author
Topic: Radware Disclosure - DNS setting vulnerabile on DSL Devices (Read 3466 times)