You see this notification on the Trend Micro Home Network Security app:
"Authentication Bypass DNS Change"
Why did this happen?
An unauthenticated remote DNS change was detected on your D-Link device (DSL-2730B AU_2.01).
The exploit targets a CGI script (dnscfg.cgi) on the modem router and allows its DNS server settings to be changed remotely without authentication.
What are its risks?
- Users can suffer financial and private data losses through this malicious hijacking attack.
- Allows an attacker to bypass authentication and change the DNS. When the administrator is logged in to the web management interface, an attacker may completely bypass the authentication phase and connect to the web management interface with the administrator's credentials.
- An external attacker can connect to the router's public IP address if remote management is enabled.
What should I do next?
- Apply the most recent patch or firmware updates from your router’s vendor website and allow only trusted users to have network access.
- Change the default password of the router and create a much stronger password. Check your router’s manual or handbook for the instructions on changing your router’s password.
- Check the primary and secondary DNS server settings of your mobile devices, computers, and router in the IP configuration.
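One way to carry out the DNS check on a Linux or macOS computer is shown below. This is an added example, not Trend Micro's or D-Link's code; the sample file contents and the trusted resolver addresses are constructed, so replace them with the DNS servers you actually intend to use.

```python
import ipaddress

# Constructed sample in resolv.conf format; the second nameserver is an
# unexpected resolver of the kind a tampered router would hand out via DHCP.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.example
nameserver 192.168.1.1
nameserver 203.0.113.53   # not configured by the owner
nameserver fe80::1%eth0
options edns0
"""

# Assumption: the resolvers you deliberately use (router LAN address, ISP DNS).
TRUSTED_RESOLVERS = {"192.168.1.1", "fe80::1"}


def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        # Strip trailing comments, which may start with '#' or ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # drop IPv6 zone id (e.g. %eth0)
            try:
                servers.append(str(ipaddress.ip_address(addr)))
            except ValueError:
                servers.append(fields[1])  # keep malformed entries so they are flagged
    return servers


def unexpected_resolvers(text, trusted):
    """Return configured resolvers that are not in the trusted set."""
    normalized = {str(ipaddress.ip_address(t)) for t in trusted}
    return [s for s in parse_nameservers(text) if s not in normalized]


if __name__ == "__main__":
    import sys
    # Reads the given file (e.g. /etc/resolv.conf) or falls back to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RESOLV_CONF
    for server in unexpected_resolvers(text, TRUSTED_RESOLVERS):
        print(f"unexpected DNS server: {server}")
```

Any address it reports should be compared with the DNS settings shown in the router's own configuration page before you trust the connection again.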
What if I have more questions?
For more information, check out: