Delboy74
Aug 19, 2018 - Aspirant
DnsMasq heap buffer overflow vulnerability on RDR50
Avast network security scan is telling me that I have a "DnsMasq heap buffer overflow vulnerability", reference CVE-2017-14491, and that I should upgrade to the latest firmware. I am already running the latest firmware for this router and can see that this issue has been outstanding since last October. Can you tell me if the issue has been fixed by a previous firmware update (and if this is a false positive on the Avast side), or if this is genuinely still an issue with the RDR50 device?
4 Replies
- FURRYe38 - Guru - Experienced User
- Christian_R - NETGEAR Employee Retired
Hello Delboy74,
Thank you for your feedback. I have forwarded this information to our engineering team and will provide you with an update as soon as possible. In the meantime, I would recommend reporting this vulnerability using the link below:
https://www.netgear.com/about/security/default.aspx
Best regards,
Christian
- schumaku - Guru - Experienced User
Christian,
Putting it K.I.S.S.: Netgear must update dnsmasq to v2.78 (or newer) on all Orbi Pro, Orbi, Nighthawk, Wireless AC routers, Wireless routers, Cable routers, ... Netgear has missed > 10 months ignoring the required mandatory updates on most products. It's not relevant if Netgear engineering is stating that the vulnerability can't be exploited - these vulnerability checkers are testing for the dnsmasq version, so there is no way around the update. Don't know why this is sooooo difficult. Not doing so only leaves a very poor impression of Netgear's handling of open source code updates.
It can't be that Netgear owners (mostly consumers and users) have to report vulnerabilities on well known issues.
Regards,
-Kurt
- Delboy74 - Aspirant
That's really not an acceptable response to my question. I searched lots of posts from other people asking similar questions over the last ten months and they all received the same response. Thankfully, my product was only a few weeks old and Amazon were happy to take it back and give me a refund. I'll buy another product from a company that keeps its firmware secure and avoid Netgear.