Orbi WiFi 7 RBE973
Reply

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi rou

Megarock
Tutor

Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi router

                       I have got this report from Avast and Bitdefender after scanning my network and i have the latest firmware for my router. Any ideas if Netgear is working on a firmware update for this problem. Please let me know , Thank you  

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 1 of 43

Accepted Solutions
schumaku
Guru

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi ...

For the subject CVE-2017-14491 plus a few more items to address should be 2.78 or higher. Check http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

View solution in original post

Message 40 of 43

All Replies
JamesGL
Master

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi ...

Hi Megarock,

 

You can report it via proper channel.

 

https://www.netgear.com/about/security/default.aspx

Message 2 of 43
schumaku
Guru

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi ...

@JamesGL ... if Netgear would have a security officer in charge monitoring the vulberability report resources and update all the Open SOurce in time on all products still maintained we would not have to file anything. This issue in dnsmasq was fixed half a year ago ... but never made it to any Netgear device. Make this sleeping business unit run now!

Message 3 of 43
Megarock
Tutor

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi ...

          Netgear needs to fix it ,, thanks , i hope they see this

Message 4 of 43
JamesGL
Master

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi ...

Hi schumaku,

 

NETGEAR is working on any reported vulnerability issue. 

 

Hi Megarock,

 

Please submit it here.

 

https://www.netgear.com/about/security/default.aspx

Message 5 of 43
Megarock
Tutor

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi ...

             Sorry, i went to the link on that site you gave me and i could not figure out how and what to do with it.

Message 6 of 43
schumaku
Guru

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi ...


@JamesGLwrote:

NETGEAR is working on any reported vulnerability issue. 

 


We expect Netgear does update Open Source packets on these product on a regaular base, and not wait unil vulnerability reports are in the public (dnsmasq was updated almost half a year ago to address this vulnerability!!!), or 3rd party applications complain about features soon no longer supported (see all the OpenVPN warnings, current OpenSSL and updating the certificates would have saved virtually hundreds pf posts). Proactively handling - not sleeping. It's simply ignorant and leave a very bad impression on the Netgear brand.

Message 7 of 43
JamesGL
Master

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi ...

 

Hi Megarock,

 

You can click on submit report on the link below.

 

https://bugcrowd.com/netgear

Message 8 of 43
schumaku
Guru

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi ...


@JamesGLwrote:

You can click on submit report on the link below. 

Can't be Netgear customers having to file well known and published vulnerabilities every reasonable commercial, (even free!) vulnerability test tools does complain (some for a longer time). Something is badly wrong in the way these products firmware is audited, regularly reviewed, and security updated. 

Message 9 of 43
maryboroughmik
Aspirant

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi ...


@JamesGL wrote:

 

Hi Megarock,

 

You can click on submit report on the link below.

 

https://bugcrowd.com/netgear


@JamesGL I have a D6400 router and have the same vulnerabity message (CVE-2017-14491) from Avast. When I go to the link you directed my model doesn't even come up. I bought it less than 2 years ago and the warranty runs out later this year. Where do I go to find out how or if netgear have addressed this vulnerabity for my router?

Message 10 of 43
microchip8
Master

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi ...

NETGEAR should get off this habit of using antique versions of their important toolchains and upgrade them to modern versions. dnsmasq version on NETGEAR routers is 2.39, which was released in 2007, which is 11 YEARS AGO, and widely known to have various (security) issues. wide-dhcpv6 is NO LONGER DEVELOPED FOR YEARS and is not up to current IPv6, sometimes not working at all with some configurations - I am living proof of that as I have Linux systems that don't work well with its dhcp6s server

 

But since this is NETGEAR and it does what it wants, and it took it YEARS to finally stop blocking ICMPv6 packets and this only on certain router models/firmware, I have very little hopes that any change will come. They're thick-headed-think-they-know-better while the competition is miles ahead (looks at ASUS)

 

A real, real SHAME. Because I happen to like NETGEAR hardware

Message 11 of 43
Squair
Guide

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi rou

Hi,

Also having the DNS issue - port 53 - CVE-2017-14491 Vulnerablity. I did the nslookup and found my dnsmasq at 2.75. Avast says I'm in danger. 

 

Thanks

Model: R6900P|Nighthawk Smart WiFi Router with MU-MIMO
Message 12 of 43
schumaku
Guru

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi rou


@Squair wrote:

Hi,

Also having the DNS issue - port 53 - CVE-2017-14491 Vulnerablity. I did the nslookup and found my dnsmasq at 2.75. Avast says I'm in danger. 


R6900P?
Firmware version?

 

If there is a 2.75 in place it's not updated, and Avast is right ...

 

dnsmasq starting from 2.78 is not vulnerable to CVE-2017-14491. Only CVE-2017-15107 (plus some other security enhancements) apply and  are fixed in 2.79 FMI: http://www.thekelleys.org.uk/dnsmasq/CHANGELOG

 

 @ChristineT please - all firmware require an update to dnsmasq 2.79 (or newer) - the current 2.78 is no longer sufficient. And the default config should remove the non-documented and unsupported config option to query all DNS, too. Why does that all take that long?

Message 13 of 43
PaddyO
Aspirant

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi ...

Mine is 2.62 how do i upgrade?

Model: R8000|Nighthawk X6 AC3200 Smart WIFI Router
Message 14 of 43
Squair
Guide

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi rou

My FW is v1.3.1.26_10.1.3 (no update available)

App= NIGHTHAWK 2.1.3.325

 

Why the Avast error? We are hearing the FBI tell us to reset our routers! 

 

Have a good day. Thanks.

Model: R6900P|Nighthawk Smart WiFi Router with MU-MIMO
Message 15 of 43
schumaku
Guru

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi rou


@Squair wrote:

My FW is v1.3.1.26_10.1.3 (no update available) Why the Avast error?  

 


Because Avast does report a potential vulnerability/vulnerabilities which exist in the dnsmasq code on this old firmware. Because of Netgear was (and is to some extent) still lazy updating components in time and taking much more time to release firmware for all Netgear models.

 

@Squair wrote:

 

We are hearing the FBI tell us to reset our routers!  

Well, here we have even less information from Netgear. The information from Netgear available is very vague. Can't tell you more but that other vendors which were notified have updated their code in time early June 2017 already (and have supplied removal processes for effectively affected devices). 

No idea on how long this will take for your router model.

 

@PaddyO wrote:

Mine is 2.62 how do i upgrade?

R8000 - there is a firmware update available for a few days R8000 Firmware Version 1.0.4.18 - check the R8000 Support Downloads for later updates.

Message 16 of 43
Squair
Guide

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi rou

Thanks for the R8000 update news, but I'm R6900P (Costco). I hope that Netgear will update the firmware to resolve the AVAST Vulnerability Catalogue ID CVE-2017-1449. I'm waiting for the next update.

Model: R6900P|Nighthawk Smart WiFi Router with MU-MIMO
Message 17 of 43
Blanca_O
NETGEAR Moderator

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi rou

Hi Squair, 

 

Please check the link below to report vulnerabilities for your R6900P router.

 

https://www.netgear.com/about/security/default.aspx

 

Regards,

 

Blanca 
Community Team

Message 18 of 43
schumaku
Guru

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi rou


@Blanca_O wrote:

 

Please check the link below to report vulnerabilities for your R6900P router.


This should not be required - keeping all Open Source current resp. update in time when vulnerabilities are discovered (such as on dnsmasq here more than a half year ago!) so consumer grade vulnerbility tests would never trigger any of these. All routers making use of dnsmasq must be upgrded to dnsmasq 2.79 (or newer). Netgear must become much more pro-active in monitoring the vulnerability repositories and take actions in time. It's a Netgear job, not a customer task! 

Message 19 of 43
Megarock
Tutor

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi rou

Well until they fix it. I had to move to a Linksys 32x ac3200 gaming router. Sad its not fixed yet , i dont have the problem with this linksys router. Soon as they fix it i will go back to my netgear router i just like my netgear.

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 20 of 43
RAJackson097
Aspirant

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi rou

I have Avast telling me the same issue. 

Router has firmware vs V1.0.9.28_10.2.32

dnsmasq-2.14-OpenDNS-1

 

Has this been fixed yet?

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 21 of 43
Blanca_O
NETGEAR Moderator

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi rou

Hi RAJackson097, 

 

Thank you bringing this up. Please check the link below to report vulnerabilities. https://www.netgear.com/about/security/default.aspx

 

Regards, 
Blanca 
Community Team

Message 22 of 43
RAJackson097
Aspirant

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi rou

I did the version check after updating to firmware version V1.0.9.32_10.2.34. 

 

Here is the check:

C:\Users\Robert>nslookup -type=txt -class=chaos version.bind 10.10.10.1
Server: UnKnown
Address: 10.10.10.1

version.bind text =

"dnsmasq-2.15-OpenDNS-1"

C:\Users\Robert>

 

Avast still calls this out as vulnerable to CVE-2017-14491.

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 23 of 43
RAJackson097
Aspirant

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi rou


@Case850 wrote:

Sounds reasonable because as per message 4, anything prior to V 2.78 has been indentified with vulnerabilities.


Question is when is Netgear going to fix it? They have known about this issue for some time.

Model: R7000|Nighthawk AC1900 Dual Band WiFi Router
Message 24 of 43
schumaku
Guru

Re: Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi rou


@RAJackson097 wrote:

@Case850 wrote:

Sounds reasonable because as per message 4, anything prior to V 2.78 has been indentified with vulnerabilities.


Question is when is Netgear going to fix it? They have known about this issue for some time.


Netgear does not systematically monitor and update Open Source code on products under maintenance. And of course it's not about the Netgear customers reporting common known vulnerabilities to their security site (waste of time for everyone). Even worse, some community managers try to convince customers that the vulnerability does not apply or can't be (ab-)used.

Message 25 of 43
Top Contributors
Discussion stats
  • 42 replies
  • 35600 views
  • 28 kudos
  • 14 in conversation
Announcements

Orbi 770 Series