Delboy74
Aug 19, 2018 (Aspirant)
DnsMasq heap buffer overflow vulnerability on RDR50
Avast network security scan is telling me that I have a "DnsMasq heap buffer overflow vulnerability", reference CVE-2017-14491, and that I should upgrade to the latest firmware. I am already running...
Christian_R
Aug 20, 2018 (NETGEAR Employee Retired)
Hello Delboy74,
Thank you for your feedback. I have forwarded this information to our engineering team and will provide you with an update as soon as possible. In the meantime, I would recommend reporting this vulnerability using the link below:
https://www.netgear.com/about/security/default.aspx
Best regards,
Christian
schumaku
Aug 20, 2018 (Guru - Experienced User)
Christian,
Putting it K.I.S.S.: Netgear must update dnsmasq to v2.78 (or newer) on all Orbi Pro, Orbi, Nighthawk, Wireless AC routers, Wireless routers, Cable routers, ... Netgear has missed > 10 months ignoring the required mandatory updates on most products. It's not relevant if Netgear engineering is stating that the vulnerability can't be exploited - these vulnerability checkers are testing for the dnsmasq version, so there is no way around the update. Don't know why this is sooooo difficult. Not doing so only leaves a very poor impression of Netgear's handling of open source code updates.
It can't be that Netgear owners (mostly consumers and users) have to report vulnerabilities on well-known issues.
Regards,
-Kurt