PT-2020-13803 · D Link · D-Link Dsl 2730-U+1

Published 2020-06-08 · Updated 2021-04-23 · CVE-2020-13960

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

D-Link DSL 2730-U versions IN 1.10 through IN 1.11
D-Link DIR-600M version 3.04

Description

The issue allows remote attackers to provide valid DNS responses for names that would have otherwise resulted in an NXDOMAIN error. This is possible by registering a subdomain of the domain.name domain name, which is included in the DNS resolver search path by default. Attackers can also offer Internet services such as HTTP for these names.

Recommendations

For D-Link DSL 2730-U versions IN 1.10 through IN 1.11, remove the domain.name string from the DNS resolver search path. For D-Link DIR-600M version 3.04, remove the domain.name string from the DNS resolver search path. As a temporary workaround, consider restricting access to the DNS resolver to minimize the risk of exploitation.
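
To check whether a client behind an affected router has picked up the suffix, the following added example (not part of the original advisory or any vendor tooling) parses resolv.conf-style text and lists which lookups would be sent under domain.name. It assumes a Unix-like client with a glibc-style resolver; the function names and the sample configuration are constructed for illustration.

```python
RISKY_SUFFIX = "domain.name"  # search suffix named in the advisory

# Constructed sample: resolver config as a DHCP client behind an affected
# router might write it (the address is a placeholder, not from the advisory).
SAMPLE = "# constructed sample\nnameserver 192.168.1.1\nsearch domain.name\n"

def effective_search_list(resolv_conf_text):
    """Search list a glibc-style resolver would use; the last
    'search' or 'domain' directive wins."""
    suffixes = []
    for raw in resolv_conf_text.splitlines():
        if raw.startswith(("#", ";")):   # comment lines
            continue
        fields = raw.split()
        if len(fields) >= 2 and fields[0] in ("search", "domain"):
            # 'domain' takes one name, 'search' takes a list
            names = fields[1:2] if fields[0] == "domain" else fields[1:]
            suffixes = [n.rstrip(".").lower() for n in names]
    return suffixes

def candidate_queries(name, suffixes, ndots=1):
    """Names tried in order for `name` (glibc-style model, default ndots=1)."""
    if name.endswith("."):               # fully qualified: no search list
        return [name.rstrip(".")]
    expanded = [f"{name}.{s}" for s in suffixes]
    if name.count(".") >= ndots:
        return [name] + expanded         # as-is first, suffixes on failure
    return expanded + [name]

def leaked_queries(resolv_conf_text, name):
    """Queries for `name` that would be sent under RISKY_SUFFIX."""
    suffixes = effective_search_list(resolv_conf_text)
    return [q for q in candidate_queries(name.lower(), suffixes)
            if q.endswith("." + RISKY_SUFFIX)]

if __name__ == "__main__":
    print("search list:", effective_search_list(SAMPLE))
    for probe in ("intranet", "no-such-host.example.com", "intranet."):
        print(probe, "->", leaked_queries(SAMPLE, probe))
```

An empty result for every probe after the suffix has been removed from the search path confirms the recommendation took effect on that client.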

Exploit

Fix


Related Identifiers

CVE-2020-13960

Affected Products

D-Link Dir-600
D-Link Dsl 2730-U