A security researcher has devised a special attack that can be used to access the LAN-facing admin interfaces of many widely used home router models. The technique is a variation of DNS rebinding, but is able to bypass traditional protections against such attacks.
The attack method will be demonstrated at the upcoming Black Hat technical security conference in Las Vegas, by a ethical hacker named Craig Heffner, who currently works as a senior security engineer at Seismic. Heffner's presentation, called “How to Hack Millions of Routers” will be accompanied by the release of a tool which automates the attack.
According to the presentation notes
this tool “allows an external attacker to browse the Web-based interface of a victim's router in real time, just as if the attacker were sitting on the victim's LAN. This can be used to exploit vulnerabilities in the router, or to simply log in with the router's default credentials.”