Security researchers at Indiana University and Symantec have discovered a new vulnerability in broadband routers, both wired and wireless, that allows hackers to change the default password and direct browsers to phishing sites. Security experts say that hackers can change the DNS (Domain Name Server) settings of the routers using simple JavaScript code. This allows the hackers to direct users to a webpage that looks like the page the user intended to visit, but is in fact a phishing page created to steal private data. All the internet traffic from the affected system will then pass through the DNS server created by the hacker. Security experts say that the attack is possible on any type of router, but only if the default password has not been changed.
Says Zulfikar Ramzan, a researcher at Symantec, "I have been able to get this to work on Linksys, D-Link and Netgear routers. You can create one Web site that is able to attack all routers. My feeling is that it is just a matter of time before phishers start using this. One of the issues is that the set-up steps in the router don't prompt you to change the password." Jeremiah Grossman, chief technology officer at WhiteHat Security, believes that router makers know that the default password can be used by attackers to hack into a computer. On its website, Linksys has warned its users about the dangers of using a default password. "Hackers know these defaults and will try them to access your wireless device and change your network settings. To thwart any unauthorized changes, customize the device's password so it will be hard to guess," the statement read.