Strike ID:
E19-0wk51
CVSS:
6.4 (AV:N/AC:L/Au:N/C:P/I:N/A:P)
False Positive:
t
Variants:
9
Year:
2017

Description

This strike emulates remote DNS hijack attacks for several D-LINK routers. The vulnerability resides in the dnscfg.cgi script and is due to lack of authentication on server-side. A remote unauthenticated attacker may change the DNS configuration of the router which can result in man-in-the-middle attacks and information disclosure.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}