GhostDNS Malware Security

Security Vulnerability
01-15-2020

We at TP-Link are aware of the GhostDNS security vulnerability reported by Chinese researchers from Qihoo 360 Netlab.

According to the reports, GhostDNS scans for the IP addresses of routers that use weak passwords or no password at all, accesses the routers’ settings, and then changes the default DNS address to one controlled by the attackers.

To protect against this malware, we strongly recommend that our customers take the following steps:

1. If you are concerned that your router has been attacked, restore your router to factory default settings.

2. Make sure you are running the latest firmware version on your router to prevent any older vulnerabilities from being exploited.

You can check whether your router is running the latest firmware via this link: https://www.tp-link.com/support/download/

3. Change the default password to a more complex one to keep attackers from accessing the router’s settings.

For the detailed configuration methods, you can refer to this link: https://www.tp-link.com/support/faq/73/

4. If you do not require the remote management feature, please disable it to reduce the risk of external attacks.

5. Change the LAN subnet to a less frequently used one, such as 192.168.202.0/24, to reduce the possibility of an internal attack.
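Because the change described above is to the DNS address, one way to check a client on the network is to compare the resolvers it was handed with the ones you expect. The script below is an added example, not TP-Link code; the function names, the allowlisted resolver 192.0.2.53 and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample of a client's /etc/resolv.conf (not taken from the bulletin).
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client
search lan
nameserver 192.168.202.1
nameserver 203.0.113.66
"""

def parse_nameservers(resolv_conf_text):
    """Return the resolver addresses named on 'nameserver' lines."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # Strip '#' and ';' comments, then split into whitespace-separated fields.
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            # Drop an IPv6 zone id such as "%eth0" before parsing.
            servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
        except ValueError:
            continue  # malformed address: ignore the entry
    return servers

def audit_resolvers(resolv_conf_text, expected_resolvers, lan_subnet):
    """Map each configured resolver to 'expected', 'router-forwarder' or 'unexpected'."""
    allowed = {ipaddress.ip_address(a) for a in expected_resolvers}
    lan = ipaddress.ip_network(lan_subnet)
    report = {}
    for ip in parse_nameservers(resolv_conf_text):
        if ip in allowed:
            verdict = "expected"
        elif ip in lan:
            # The client only points at the router; the DNS servers set on the
            # router itself still have to be checked on its settings page.
            verdict = "router-forwarder"
        else:
            verdict = "unexpected"
        report[str(ip)] = verdict
    return report

if __name__ == "__main__":
    # Assumed values: ISP resolver 192.0.2.53, LAN subnet from step 5.
    result = audit_resolvers(SAMPLE_RESOLV_CONF, ["192.0.2.53"], "192.168.202.0/24")
    for ip, verdict in result.items():
        print(f"{ip}\t{verdict}")
```

An "unexpected" entry is a reason to look at the DNS servers configured on the router and, if they were not set by you or your ISP, to follow step 1.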

If there is still any confusion regarding this vulnerability, please contact TP-Link through the support page on the official website at https://www.tp-link.com/support/.
