• May 22, 2019, 11:54:07 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Radware Disclosure - DNS setting vulnerabile on DSL Devices  (Read 1054 times)

GreenBay42

  • Administrator
  • Level 10 Member
  • *
  • Posts: 2052
Radware Disclosure - DNS setting vulnerabile on DSL Devices
« on: August 13, 2018, 08:47:59 PM »


Full advisory - https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10091



Overview

On August 10, 2018, Radware disclosed that D-Link Brand DSL Gateways maybe suseptible to DNS security vulnerabilites. D-Link is aware and is investigating this report.

Affected Products

Currently, D-Link has been informed that the following Non-US D-Link Branded Devices may be affected:

DSL-2740R
DSL-2640B
DSL-2780B
DSL-2730B
DSL-526B
 

Recommendations

To mitigate risks, please ensure your connected devices are running the most up-to-date firmware (https://support.dlink.com) and are secured with a strong passwords. An additional or alternative defense for this specific issue is not to alllow devices to get their DNS infomration from the gateway. To disable the use of the gateway DNS settings from being used, configure each connected device to use a trusted DNS server, such as 1.1.1.1 from Cloudflare or 8.8.8.8 from Google. These settings, which are made in the operating system of the connecting device, will override any settings made by the gateway.



D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and help providet appropriate security measures. D-Link will continuously provide updates signed using our new digital certificates.
Logged