Massive intrussion on TD8951ND and others
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Massive intrussion on TD8951ND and others
Region : Spain
Model : TD-W8951ND
Hardware Version : V5
Firmware Version : 110729
ISP :
There is a major fault in all the firmware versions for TD-W8951ND and others that allow a remote attacker to download your configuration file unauthenticated (just browsing to http://your_ip/rom-0
With that file they can get your router password and change any setting they wish, for example the dns servers to spoof your traffic and send you through scam sites. There's no fix other than limiting the remote access on the routers. See this link for more information:
http://rootatnasro.wordpress.com/2014/01/11/how-i-saved-your-a-from-the-zynos-rom-0-attack-full-disclosure/
Model : TD-W8951ND
Hardware Version : V5
Firmware Version : 110729
ISP :
There is a major fault in all the firmware versions for TD-W8951ND and others that allow a remote attacker to download your configuration file unauthenticated (just browsing to http://your_ip/rom-0
With that file they can get your router password and change any setting they wish, for example the dns servers to spoof your traffic and send you through scam sites. There's no fix other than limiting the remote access on the routers. See this link for more information:
http://rootatnasro.wordpress.com/2014/01/11/how-i-saved-your-a-from-the-zynos-rom-0-attack-full-disclosure/