NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi router
I have got this report from Avast and Bitdefender after scanning my network and i have the latest firmware for my router. Any ideas if Netgear is working on a firmware update f...
For the subject CVE-2017-14491 plus a few more items to address should be 2.78 or higher. Check http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
I have Avast telling me the same issue.
Router has firmware vs V1.0.9.28_10.2.32
dnsmasq-2.14-OpenDNS-1
Has this been fixed yet?
Hi RAJackson097,
Thank you bringing this up. Please check the link below to report vulnerabilities. https://www.netgear.com/about/security/default.aspx
Regards,
Blanca
Community Team- Blanca,
I followed your link and searched for "avast" and no results. I see your responses about where to report security isses. We report issues based on our model numbers. With so many reports of the avast dnsmasq problem, why do you cause customers the frustration of re-posting in another forum?
If the vulnerability will not be addressed, please make a NG statement to the effect. Is it a chip issue being incompatible with a firmware solution? Let us in on the joke, so to speak.
I am at FW version V1.0.9.32_10.2.34
and I get
"dnsmasq-2.15-OpenDNS-1"
returned from a Windows 10 powershell using nslookup command.
Looked this up on CVE Details and this version of dnsmasq is circa 2005. WTH?
Come on now!
This is embarassing, I see my router is vulnerable too at version 2.15 (R7000). Netgear, what the heck are you guys doing asleep at the wheel here ? I regularly recommend netgear routers to my clients, but i'm going to be stopping until you fix this garbage. It's been MONTHS. Do the right thing and fix this.
I am finding it odd that dnsMasq 2.79 is the latest revision out there in open source land and we still have 2.15 in use in our routers. THAT is a lot of proverbial water under the old revision bridge. Since dnsMasq is open source, there should be no reason we cannot have the latest except possibly that since Netgear is a for-profit company, they are unable to use the cutting edge releases, instead, perhaps they are forced to use old code, old buggy vulnerable code in their products?! Spit-balling here but this is the only scenario that makes sense (given no other information at all) other than Netgear having say, only 3 engineers tackling 27,518 bugs across their plethora of products. Is that the case? Anyway, I like my Netgear products. I just want to see this fixed ASAP. Please Netgear engineers, fix this. Thanks!
