Support Announcements
Radware Disclosure :: DNS setting vulnerabile on DSL-2740R, DSL-2640B, DSL-2780B, DSL-2730B, and DSL-526B

Overview

 

On August 10, 2018, Radware disclosed that D-Link Brand DSL Gateways maybe suseptible to DNS security vulnerabilites. D-Link is aware and is investigating this report.

 

Disclosure

 

  • Pascal Geenens - IoT Hackers Trick Brazilian Bank Customers into Providing Sensitive Information : Here

 

Affected Products

 

Currently, D-Link has been informed that the following Non-US D-Link Branded Devices may be affected:

 

  • DSL-2740R 
  • DSL-2640B 
  • DSL-2780B
  • DSL-2730B
  • DSL-526B

 

Recommendations

 

To mitigate risks, please ensure your connected devices are running the most up-to-date firmware (https://support.dlink.com) and are secured with a strong passwords. An additional or alternative defense for this specific issue is not to alllow devices to get their DNS infomration from the gateway. To disable the use of the gateway DNS settings from being used, configure each connected device to use a trusted DNS server, such as 1.1.1.1 from Cloudflare or 8.8.8.8 from Google. These settings, which are made in the operating system of the connecting device, will override any settings made by the gateway.

 

D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and help providet appropriate security measures. D-Link will continuously provide updates signed using our new digital certificates.