Reply

dnsmasq vulnerability

dnsmasq vulnerability

https://www.bleepingcomputer.com/news/security/security-bugs-in-dnsmasq-affect-computers-smartphones...

 

Any chance you guys could, you know, keep your code base modern with it's modules etc. It's rad to run Dnsmasq from 1997 but you all have an obligation to update your modules for your customer safety and for liability purposes.

Model: R9000|Nighthawk X10 AD7200 Smart WiFi Router
Message 1 of 6
bugmenot2
Apprentice

Re: dnsmasq vulnerability

what makes you say netgear firmware is running dnsmasq from 1997?

Message 2 of 6
bugmenot2
Apprentice

Re: dnsmasq vulnerability

never mind. just downloaded the open source firmware code posted by another user, which shows dnsmasq to be version 2.65 in the r7000. i hope this is updated to 2.78, fixed soon and kept up to date in the future.

Message 3 of 6

Re: dnsmasq vulnerability

Let's hope but upgrading DNSMASQ to 2.78 is just the tip of the iceberg. There are so many modules that are out of date within the firmware it's a walking security hole. Kind of like the walking dead only a router.

Model: R9000|Nighthawk X10 AD7200 Smart WiFi Router
Message 4 of 6

Re: dnsmasq vulnerability

Be thankful your R7000 is semi-uptodate the R9000 is running:

 

root@StorageofDN:/$ dnsmasq -version
Dnsmasq version 2.39 Copyright (C) 2000-2007 Simon Kelley
Compile time options IPv6 GNU-getopt no-ISC-leasefile no-DBus no-I18N no-TFTP

This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2.

Model: R9000|Nighthawk X10 AD7200 Smart WiFi Router
Message 5 of 6

Re: dnsmasq vulnerability

This is really bad...

 

The kernel is from 2013, according to the source. Has anyone even maintained it?

 

Model: R9000|Nighthawk X10 AD7200 Smart WiFi Router
Message 6 of 6
Top Contributors
Discussion stats
  • 5 replies
  • 2344 views
  • 4 kudos
  • 2 in conversation
Announcements

Orbi WiFi 6E