NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi router
I have got this report from Avast and Bitdefender after scanning my network and i have the latest firmware for my router. Any ideas if Netgear is working on a firmware update f...
For the subject CVE-2017-14491 plus a few more items to address should be 2.78 or higher. Check http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
Squair wrote:
My FW is v1.3.1.26_10.1.3 (no update available) Why the Avast error?
Because Avast does report a potential vulnerability/vulnerabilities which exist in the dnsmasq code on this old firmware. Because of Netgear was (and is to some extent) still lazy updating components in time and taking much more time to release firmware for all Netgear models.
Squair wrote:
We are hearing the FBI tell us to reset our routers!
Well, here we have even less information from Netgear. The information from Netgear available is very vague. Can't tell you more but that other vendors which were notified have updated their code in time early June 2017 already (and have supplied removal processes for effectively affected devices).
No idea on how long this will take for your router model.
PaddyO wrote:
Mine is 2.62 how do i upgrade?
R8000 - there is a firmware update available for a few days R8000 Firmware Version 1.0.4.18 - check the R8000 Support Downloads for later updates.
Thanks for the R8000 update news, but I'm R6900P (Costco). I hope that Netgear will update the firmware to resolve the AVAST Vulnerability Catalogue ID CVE-2017-1449. I'm waiting for the next update.
Hi Squair,
Please check the link below to report vulnerabilities for your R6900P router.
https://www.netgear.com/about/security/default.aspx
Regards,
Blanca
Community Team
Blanca_O wrote:
Please check the link below to report vulnerabilities for your R6900P router.
This should not be required - keeping all Open Source current resp. update in time when vulnerabilities are discovered (such as on dnsmasq here more than a half year ago!) so consumer grade vulnerbility tests would never trigger any of these. All routers making use of dnsmasq must be upgrded to dnsmasq 2.79 (or newer). Netgear must become much more pro-active in monitoring the vulnerability repositories and take actions in time. It's a Netgear job, not a customer task!
Well until they fix it. I had to move to a Linksys 32x ac3200 gaming router. Sad its not fixed yet , i dont have the problem with this linksys router. Soon as they fix it i will go back to my netgear router i just like my netgear.
