heise Security -30 November 2012,
A whole range of Arcor, Asus and TP-Link routers are vulnerable to being reconfigured remotely without authorisation. On his blog, security researcher Bogdan Calin demonstrates that just displaying an email within the router's own network can have far-reaching consequences: when opened, his specially crafted test email reconfigures the wireless router so that it redirects the user's internet data traffic. An attacker could exploit this to, for example, redirect unwitting users to a phishing site and harvest their details when they are trying to log into facebook.com.
The attack uses the Cross-Site Request Forgery (CSRF) technique. Calin embedded images whose source URL (src=) points to the router's default IP address (often 192.168.1.1) in his HTML test email. The URL contains parameters that instruct the router's web interface to modify the DNS server configuration. As the URL also contains the admin password for the web interface, the attack will only be successful if the user has left the default password unchanged. A full CSRF URL could look something like this:
http :// admin:password@ 192.168.1.1/start_apply.htm?dnsserver=66.66.66.66
http://www.h-online.com/security/news/item/Email-hacks-router-1759874.html Bogdan Calin BlogThe email that hacks you video
