If you haven’t changed the default password on your home router, let this recent threat serve as a reminder.

Attackers could change the configuration of home routers using
JavaScript code, security researchers at Indiana University and
Symantec have discovered. The researchers first published their work in December, but Symantec publicized the findings on Thursday.

The researchers found that it is possible to change the DNS, or
Domain Name System, settings of a router if the owner uses a connected
PC to view a Web page with the JavaScript code. This DNS change lets
the attacker divert all the Net traffic going through the router. For
example, if the victim types in “www.mybank.com,” the request could be
sent to a similar-looking fake page created to steal sensitive data.

Story continues at news.com.com