This topic has been marked solved and closed to new posts due to inactivity. We hope you'll join the conversation by posting to an open topic or starting a new one.
I updated my Avast free antivirus to the current build and ran the Wi-Fi inspector. I had ran it recently and it found no problems. But now it reads:
"Your router or Wi-Fi hotspot is vulnerable to network attacks! We have found vulnerabilities in your router or Wi-Fi hotspot that can be used by attackers to hack into your network.
Description Our scan found a vulnerability on your router or Wi-Fi hotspot device. Your device contains a problem that can be misused by cybercriminals to break into your network and compromise your security and privacy.
Android devices used as a Wi-Fi hotspot can be also affected.
Solution Some of the vulnerabilities may be patched in new versions of the device firmware or system update. Applying the latest firmware or system update may solve the issue.
Consult your device's manual for instructions. If an update adressing the vulnerability issue is not available, contact your devices's vendor or manufacturer to provide an update as soon as possible.
Details We have identified the following problem with your router or Wi-Fi hotspot device:
DnsMasq heap buffer overflow vulnerability Severity: High
Description: The affected device's DNS service is running an outdated version of the DnsMasq software which is known to have a heap buffer overflow vulnerability.
Impact: Any device connected to your network, including computers, phones, tablets, printers, security cameras, or any other networked device in your home or office network, may have an increased risk of compromise.
Recommendation: The issue was fixed in DnsMasq software version 2.78, released in October 2017.
To solve the vulnerability on your device, apply the firmware or system update that contains DnsMasq software version 2.78 or higher provided by your device's manufacturer.
If an update addressing the vulnerability is not yet available for your device, you can secure your router or Wi-Fi hotspot with a strong password to minimize risks imposed by the vulnerability. We also advise you not to visit suspicious websites or run software from questionable sources".
I am running firmware version V1.0.1.44_10.0.28, and there is nothing newer.
I would appreciate any feedback on how to deal with this.
These tales may or may not be valid. (They aren't usually.) But as you'll see from that search this is a pretty common issue. The usual resolution is for Netgear to tell Avast to get its act together.
Indeed. I didn't try to brush it under any carpet, which is why I suggested that it is down to Netgear to talk to Avast and deal with the issue.
I just wanted to let the person who posted the message know that this is not the first time that Avast has cropped up here as a source of these warnings.
On balance, most of these reports turn out to be "fake news", but you should never ignore them. Let Netgear know. But do so in the knowledge that you may not face any truly nasty immediate risk.
The message has to be, be careful but don't panic.
That alone probably wouldn't tell me much about my security status.
At the moment, I am running non-standard firmware as a part of a Netgear beta test. I can't say what it is all about, beyond that it is a security thing for something that Netgear has already announced. Perhaps you are in the same beta program.
If this Avast thing is enough to warrant updates to all Netgear's firmware, I think we can safely expect to see an increase in those "new firmware broke my router" messages.
James, could you or one of the mods please either submit the issue or find out if Netgear is working on it? I did not submit a report. I found the website confusing.
My R6900 with latest firmware runs "dnsmasq-2.15-OpenDNS-1"
