Certain TP-Link wireless routers feature a vulnerability that leaves them open to DNS hijacking attacks, a researcher has found.Researcher Jakob Lell uncovered the cross-site request forgery flaw, which could allow attackers to manipulate a vulnerable router's upstream DNS server when a user browses to a malicious site.
Lell said he had found five different websites hosting the exploit and said there were likely to be more. He didn't reveal which sites had been affected and said it wasn't clear what the attackers planned on doing with the malicious servers.
Lell's disclosure comes after another researcher warned that many domestic wireless routers contain unpatched security holes.
D-Link, Tenda and Netgear were all forced to issue patches in response to flaws that could allow hackers to bypass their routers' authentication bypass processes. However, none of the researchers who disclosed the flaws said they had found real-world examples of the exploits.
Read more:
http://www.pcpro.co.uk/news/security/385105/tp-link-router-exploit-spotted-in-the-wild
Topic: TP-Link router exploit spotted in the wild (Read 3199 times)