D-Link Router DNS Hijacking Vulnerability (SAP10118) and Firmware Patch Guide

Key Information Vulnerability Name: DNS Changer :: DNS Hijacking Vulnerability Vulnerability ID: SAP10118 Release Date: July 22, 2019 Last Updated: July 22, 2019 Affected Scope: Over 100,000 routers, including consumer-grade and carrier-grade IP routers, such as D-Link products and other brands identified by Netlab Vulnerability Description: - GhostDNS, an upgraded version of DNSChanger, attacks routers by guessing default passwords for router management interfaces or exploiting the vulnerability, modifying DNS settings to redirect legitimate requests to malicious websites. - Three versions of DNSChanger: DNSChanger Shell, DNSChanger Js, and PyPhp DNSChanger. The latter is the primary module, deployed on over 100 servers, primarily running on Google Cloud. Affected D-Link Products DNSChanger Shell-affected products: - DSL-2640T (non-US models, end-of-service) - DSL-2740R (non-US models, end-of-service) - DSL-500 (non-US models, end-of-service) - DSL-500G / 502G (non-US and US models, end-of-service) DNSChanger Js-affected products: - DIR-905L (non-US models, end-of-service) PyPhp DNSChanger-affected products: - DIR-600 (US and non-US models, end-of-service) - DIR-608 (non-US models, firmware update required) - DIR-610 (non-US models, firmware update required) - DIR-615 (non-US models, firmware update required) - DIR-905L (non-US models, end-of-service) - ShareCenter (US models, end-of-service) Security Updates: - Firmware updates or download links provided for various affected product models - For high-end hardware products ReV Tx :: firmware update patches are available Recommended Actions D-Link recommends affected users update to the latest security patches. If issues arise, users should contact technical support or seek further assistance.

Goal Reached Thanks to every supporter — we hit 100%!

D-Link Router DNS Hijacking Vulnerability (SAP10118) and Firmware Patch Guide