We recently had the following problem with a R190W router at a customer’s business.
A customer using the R190W’s WIFI via her personal laptop received a scam email. She stupidly clicked on the link that was shown in the scammer’s email.
After the user did that, the link that she clicked on changed the two legitimate static WAN DNS address that we had previously set up in the R190W to new DNS IP address located in China.
In a nutshell, the two new static IP’s redirected all outbound traffic on the business’ wired and wireless network directed all outbound traffic via the R190W router to a server in China.
After that, every web site that anyone on the LAN network tried to view was directed to the scammer’s server in China - which then forwarded their request to the URL that they actually typed in.
In other words, after the change, all data that the users typed in their computers was being recorded by the scammer’s server in China. Not good, especially when one of the business users were trying to log into their on-line bank account.
The change in DNS addresses was done without anyone in the business knowing the username and password of the R190W login.
How can the CnPilot’s settings be locked down, so this cannot happen again?