Forum Discussion
Megarock (Tutor)
Mar 26, 2018
Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi router
I have got this report from Avast and Bitdefender after scanning my network and I have the latest firmware for my router. Any ideas if Netgear is working on a firmware update for this problem? Please let me know. Thank you.
For the subject CVE-2017-14491 plus a few more items to address should be 2.78 or higher. Check http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
42 Replies
- JamesGL (Master)
Hi Megarock,
You can report it via proper channel.
JamesGL ... if Netgear would have a security officer in charge monitoring the vulnerability report resources and update all the Open Source in time on all products still maintained we would not have to file anything. This issue in dnsmasq was fixed half a year ago ... but never made it to any Netgear device. Make this sleeping business unit run now!
- JamesGL (Master)
Hi schumaku,
NETGEAR is working on any reported vulnerability issue.
Hi Megarock,
Please submit it here.
- Megarock (Tutor)
Sorry, I went to the link on that site you gave me and I could not figure out how and what to do with it.
- sixteen59 (Aspirant)
This is Netgear's job, not those they sell to.
- Squair (Guide)
Hi,
Also having the DNS issue - port 53 - CVE-2017-14491 Vulnerability. I did the nslookup and found my dnsmasq at 2.75. Avast says I'm in danger.
Thanks
Squair wrote:
Hi,
Also having the DNS issue - port 53 - CVE-2017-14491 Vulnerability. I did the nslookup and found my dnsmasq at 2.75. Avast says I'm in danger.
R6900P?
Firmware version? If there is a 2.75 in place it's not updated, and Avast is right ...
dnsmasq starting from 2.78 is not vulnerable to CVE-2017-14491. Only CVE-2017-15107 (plus some other security enhancements) apply and are fixed in 2.79 FMI: http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
ChristineT please - all firmware require an update to dnsmasq 2.79 (or newer) - the current 2.78 is no longer sufficient. And the default config should remove the non-documented and unsupported config option to query all DNS, too. Why does that all take that long?
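Added example, not part of any post in this thread and not NETGEAR or dnsmasq code: a Python version of the check posters describe running with nslookup, compared against the fix versions quoted above (2.78 and 2.79). It assumes the banner is read with the standard `version.bind` CHAOS TXT query; the sample reply is constructed, not a capture, and all function names are illustrative.

```python
import re, socket, struct

# Fix versions as stated in this thread (taken from the dnsmasq CHANGELOG).
FIXED_IN = {"CVE-2017-14491": (2, 78), "CVE-2017-15107": (2, 79)}
# Constructed sample reply (not a capture) carrying the banner "dnsmasq-2.75".
SAMPLE_REPLY = (b"\x12\x34\x85\x80\x00\x01\x00\x01\x00\x00\x00\x00"
                b"\x07version\x04bind\x00\x00\x10\x00\x03"
                b"\xc0\x0c\x00\x10\x00\x03\x00\x00\x00\x00\x00\x0d\x0cdnsmasq-2.75")

def build_version_query(txid=0x1234):
    """TXT query for version.bind in class CHAOS; dnsmasq replies with its banner."""
    head = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return head + b"\x07version\x04bind\x00" + struct.pack(">HH", 16, 3)

def _skip_name(pkt, pos):
    while pkt[pos] and pkt[pos] & 0xC0 != 0xC0:  # walk labels up to root or a pointer
        pos += 1 + pkt[pos]
    return pos + (2 if pkt[pos] else 1)

def parse_txt_answer(pkt):
    """First TXT string of the first answer record, or None if absent or malformed."""
    try:
        _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", pkt[:12])
        if not flags & 0x8000 or an == 0:
            return None
        pos = 12
        for _ in range(qd):                      # skip the echoed question
            pos = _skip_name(pkt, pos) + 4
        pos = _skip_name(pkt, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", pkt[pos:pos + 10])
        rdata = pkt[pos + 10:pos + 10 + rdlen]
        if rtype != 16 or len(rdata) < 1 + rdata[0]:
            return None
        return rdata[1:1 + rdata[0]].decode("ascii", "replace")
    except (IndexError, struct.error):           # truncated or garbage packet
        return None

def affected_cves(banner):
    """CVEs in FIXED_IN whose fix version is newer than the banner's; None if unparsable."""
    m = re.match(r"dnsmasq-(\d+)\.(\d+)", banner or "")
    if not m:
        return None
    ver = (int(m.group(1)), int(m.group(2)))
    return sorted(cve for cve, fixed in FIXED_IN.items() if ver < fixed)

def query_banner(server, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_version_query(), (server, 53))  # your own router's LAN address
        return parse_txt_answer(s.recv(512))
```

The result reflects only the upstream version number in the banner; it cannot show whether a vendor build carries backported patches, so treat it as a reason to check the vendor's advisory for your model.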
- Squair (Guide)
My FW is v1.3.1.26_10.1.3 (no update available)
App= NIGHTHAWK 2.1.3.325
Why the Avast error? We are hearing the FBI tell us to reset our routers!
Have a good day. Thanks.
- RAJackson097 (Aspirant)
I have Avast telling me the same issue.
Router has firmware vs V1.0.9.28_10.2.32
dnsmasq-2.14-OpenDNS-1
Has this been fixed yet?
- Blanca_O (NETGEAR Employee Retired)
Hi RAJackson097,
Thank you for bringing this up. Please check the link below to report vulnerabilities. https://www.netgear.com/about/security/default.aspx
Regards,
Blanca
Community Team
- Squair (Guide)
Blanca,
I followed your link and searched for "avast" and no results. I see your responses about where to report security issues. We report issues based on our model numbers. With so many reports of the avast dnsmasq problem, why do you cause customers the frustration of re-posting in another forum?
If the vulnerability will not be addressed, please make a NG statement to the effect. Is it a chip issue being incompatible with a firmware solution? Let us in on the joke, so to speak.
- BRWhitecotton (Aspirant)
I am at FW version V1.0.9.32_10.2.34
and I get
"dnsmasq-2.15-OpenDNS-1"
returned from a Windows 10 powershell using nslookup command.
Looked this up on CVE Details and this version of dnsmasq is circa 2005. WTH?
Come on now!
This is embarrassing, I see my router is vulnerable too at version 2.15 (R7000). Netgear, what the heck are you guys doing asleep at the wheel here? I regularly recommend netgear routers to my clients, but I'm going to be stopping until you fix this garbage. It's been MONTHS. Do the right thing and fix this.
- sixteen59 (Aspirant)
I'm wondering how it is that there can be such differences in the versions of dnsmasq in various models' firmware. I have an R6400 (v1) which uses dnsmasq version 2.15 (released in 2004) in its latest and it appears in all firmware ever released for this model. How does a router model released in 2015 get firmware compiled using such incredibly outdated source? Why do I see older models with newer versions? WTF is the dev process here? There are older routers listed that use far newer versions but I'm not sure any of Netgear's use anything post 2.78 yet. In fact it seems that Netgear is actively ignoring this verified and published CVE from over half a year ago. There's another thread where a mod (who I just called out in a personal message) closed right away claiming it to be a false positive. There are other routers of other brands where ludicrous responses are given on this CVE as well. Honestly I don't care at this point if it is a false (it's not), I'm fed up with the handling and dev of firmware in general. Digging so deep into this has really exposed to me the ludicrous manner in which Netgear devs compile firmware. All open sources like dnsmasq should be based on the latest (stable) versions. I'm getting pretty PO'd about this whole thing. 20+ years a Netgear relationship as a customer and before that Bay. Maybe the real solution here is I go to dd-wrt on this particular unit. I'm surely at this point not going to be purchasing another or in my consultant capacity pushing any Netgear hardware, period.
- Squair (Guide)
As of this response from tier2 support on June 30:
I got an update from our Engineering team and they have confirmed that the R6900P router is not affected by the DNSMasq Vulnerability.
It is easy to make the problem go away by saying there is no problem. My dnsmasq is 2.75 - Avast Vulnerability Catalogue ID CVE-2017-14491 says my 6 month old Netgear router is vulnerable. I agree that it should be a priority to use the latest updates (dnsmasq 2.78 or later) to eliminate the problem or concern.
- RAJackson097 (Aspirant)
My R7000 AC1900 still has DNSmasq vs 2.15. Hoping that they get this updated soon. Really bad for business to not perform updates to customer systems for a vulnerability that is over a year and a half old.