Delboy74
Aug 19, 2018 Aspirant
DnsMasq heap buffer overflow vulnerability on RDR50
Avast network security scan is telling me that I have a "DnsMasq heap buffer overflow vulnerability", reference CVE-2017-14491, and that I should upgrade to the latest firmware. I am already running...
Christian_R
Aug 20, 2018 NETGEAR Employee Retired
Hello Delboy74,
Thank you for your feedback. I have forwarded this information to our engineering team and will provide you with an update as soon as possible. In the meantime, I would recommend reporting this vulnerability using the link below:
https://www.netgear.com/about/security/default.aspx
Best regards,
Christian
- schumaku Aug 20, 2018 Guru - Experienced User
Christian,
Putting it K.I.S.S.: Netgear must update dnsmasq to v2.78 (or newer) on all Orbi Pro, Orbi, Nighthawk, Wireless AC routers, Wireless routers, Cable routers, ... Netgear has missed > 10 months ignoring the required mandatory updates on most products. It's not relevant if Netgear engineering is stating that the vulnerability can't be exploited - these vulnerability checkers are testing for the dnsmasq version, so there is no way around the update. Don't know why this is sooooo difficult. Not doing so only leaves a very poor impression of Netgear's handling of open source code updates.
It can't be that Netgear owners (mostly consumers and users) have to report vulnerabilities on well known issues.
Regards,
-Kurt
- Delboy74 Sep 02, 2018 Aspirant
That's really not an acceptable response to my question. I searched lots of posts from other people asking similar questions over the last ten months and they all received the same response. Thankfully, my product was only a few weeks old and Amazon were happy to take it back and give me a refund. I'll buy another product from a company that keeps its firmware secure and avoid Netgear.