× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
× Introducing the new Orbi 770 Series Mesh System. To learn more click here.
Orbi WiFi 7 RBE973
Reply

dnsmasq vulnerability in orbi

dgrigo
Guide

dnsmasq vulnerability in orbi

Is this for real? The fix for DnsMasq software version 2.78, released in October 2017.

Why is not yet on the firmware?

 

DnsMasq heap buffer overflow vulnerability


Severity: High

Reference: CVE-2017-14491 | Google Security Blog

Description:
The affected device's DNS service is running an outdated version of the DnsMasq software which is known to have a heap buffer overflow vulnerability. A remote attacker can gain control of your network device and your Internet connection by sending malformed DNS packets to the device. It allows the attacker to intercept connections and perform a traffic hijack, or execute arbitrary code with unrestricted privileges as well as access all important and private data stored on the device -- your device login/password combination, your Wi-Fi password, and your configuration data.

Impact:
Any device connected to your network, including computers, phones, tablets, printers, security cameras, or any other networked device in your home or office network, may have an increased risk of compromise.

Recommendation:
The issue was fixed in DnsMasq software version 2.78, released in October 2017.

To solve the vulnerability on your device, apply the firmware or system update that contains DnsMasq software version 2.78 or higher provided by your device's manufacturer.

If an update addressing the vulnerability is not yet available for your device, you can secure your router or Wi-Fi hotspot with a strong password to minimize risks imposed by the vulnerability. We also advise you not to visit suspicious websites or run software from questionable sources.

Model: RBK53| Orbi Router + 2 Satellites Orbi WiFi System
Message 1 of 2
schumaku
Guru

Re: dnsmasq vulnerability in orbi

All perfectly corrrect. Have used search before posting? Discussed and explained with Orbi, Orbi Pro, Nighthawk, R6000 router, Cable Router, DSL router many times: Netgear is ignorant (mostly - the R9000 was one of the few which was updated in time, but the very same fix for a vulnerability created a new one, so we're back on square one for all Netgear routers.

Message 2 of 2
Top Contributors
Discussion stats
  • 1 reply
  • 1207 views
  • 1 kudo
  • 2 in conversation
Announcements

Orbi 770 Series