Region : Argentina

Model : TD-W8968

Hardware Version : V3

Firmware Version :

ISP :

Hi!

I work at a major ISP in Argentina, we use among others the TD-W8151N router modem.

Thousands of our costumers are experiencing troubles relating with some kind of attack from a virus or "exploit" that do the following:

1.- Changes the DNS server to some "fake" servers ( 68.168.98.196 and 216.55.138.88 in our case )
2.- Disables the Physical ports of the DHCP server, LAN, Interfaces setup section.

I read some "old" articles with scary news:

http://www.pcworld.com/article/2104380/attack-campaign-compromises-300000-home-routers-alters-dns-settings.html

http://www.jakoblell.com/blog/2013/10/30/real-world-csrf-attack-hijacks-dns-server-configuration-of-tp-link-routers-2/

https://www.youtube.com/watch?v=pz9cZtdOrT8

Here my questions:

1- Does the last firmware fix this issue?
2- Where can we get that?
3- There are any tool to remotely fix thousand of devices firmwares?


I try to run an script to set the right configuration:

[CODE]set lan dhcp server
set lan dhcpdns a.c.d.c e.f.g.h[/CODE]

but did not find yet the commands to enable the Physical port at LAN interface.

4- Which command I need to run to enable the port?

Here the screenshot of a attacked device.