NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

Megarock's avatar
Megarock
Tutor
Mar 26, 2018
Solved

Avast Vulnerability Catalogue ID CVE-2017-14491 for the Nighthawk R7000 ac1900 dualband wifi router

                       I have got this report from Avast and Bitdefender after scanning my network and i have the latest firmware for my router. Any ideas if Netgear is working on a firmware update f...
Firmware
Security
BRWhitecotton's avatar
BRWhitecotton
Aspirant
Aug 05, 2018

I am happy to report that Netgear has fixed this with the latest update applied to my router.  I updated about 5 days ago (regular update push from Netgear, not by manual download method) to version V1.0.9.34_10.2.36 and now Avast does not complain about dnsmasq and nslookup reports  "dnsmasq-2.78".

 

THANK YOU Netgear for taking care of this!!! I am sure you are tackling these issues as quickly as resources allow! Hang in there folks, help is on the way!!!

Cheers,

Brian

 

htroudi's avatar
htroudi
Apprentice
Aug 13, 2018

Can anyone tell if this is fixed on Netgear R8000P?

  • htroudi's avatar
    htroudi
    Apprentice
    Aug 13, 2018

    The command nslookup -type=txt -class=chaos version.bind 192.168.1.1 gives me:

     

    version.bind text = "dnsmasq-2.75"

     

    So am I safe?

  • htroudi's avatar
    htroudi
    Apprentice
    Aug 15, 2018
    So am I sade then??
  • sixteen59's avatar
    sixteen59
    Aspirant
    Aug 15, 2018

    Safe? No. I've repeatedly challenged support who tells us that the vulnerability doesn't exist even though they're using (inexplicably) dnsmasq versions back to 14 years old and most of them are pre-2.76. They will tell me the engineers say it isn't a concern. I say then the engineers can explain HOW it's not a concern when using versions of dnsmasq that are very obviously vulnerable version. I have a R6400 as well as a number of customers that do as well, it's vulnerable. I have customers with R7000s that are vulnerable. I have customers with R7800s that are vulnerable. And on and on. I'm not sure there's a product that's not vulnerable. Netgear doesn't care. I seriously don't understand the difficult here. Just bring on new firmware releases for every product that gets dnsmasq up to date v2.78. Bottom line is they don't give a damn.

  • htroudi's avatar
    htroudi
    Apprentice
    Aug 23, 2018
    WTF!!!!!!!!!!!

    Netgear come on. Why are you doing this against us customers.

    You used go be a respectable network product manufacturer.

    What the hell happened??

    Me among others truly want to know why you don't take care of such a embarrassing security issue.

    Hear me : you WILL loose customers and money if you as a company won't do radical changes.