[Updated 11/16/17] Router and IoT Vulnerabilities (Dnsmasq)
On, October 2, 2017, vulnerabilities (US-CERT VU#973527) were made public, by Google’s security team, in Dnsmasq, a widely used software package included in many Internet-connected devices, such as routers, IoT devices, and Android devices. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Because of the wide-spread nature of the Dnsmasq software, we suspect many home and small business routers, as well as other gadgets and devices, will be found to be vulnerable. It would be wise to check with the manufacturer of any of your Internet connected devices, including routers, and Android devices, to see if they are affected (visit the manufacturer’s website, call, or e-mail). If affected, check to see if, and when, any updates will be released for the device. Also ask for instructions for installing the updates, once available. Some devices (most routers) don’t install firmware updates, automatically, but require updates to be manually installed. Some devices may not have updates forthcoming, especially if they are several years old, or inexpensive.
Even if your device is not affected by the Dnsmasq vulnerabilities, it is a good idea to check the manufacturer’s website to see if any security related firmware updates are available for your routers, and other Internet-connected devices.
We have checked with several router venders, of interest to Widomaker customers, to see if some specific routers are affected. If you have a potentially affected router, that is not listed below, you should contact the manufacturer to determine if your router is affected and what actions you should take.
Widomaker sells Zhone DSL modems/routers to customers who use Widomaker’s DSL Internet service. The most common models used by Widomaker customers include Zhone 1511, 1518, 6511, 6518, and 6519. Zhone replied to our query with the following information, indicating that these devices are not affected by this Dnsmasq vulnerability:
The 65xx and 15xx do not use dnsmasq in the modem firmware.
DrayTek replied to our query with the following information:
Your Vigor2830n-plus like most DrayOS models are free from this vulnerability issue. However we are checking this issue on some models based on open source. We will soon offer new firmware to fix it if any.
pfSense/Netgate offers detailed information about updates, that address the Dnsmasq vulnerabilities, in their recent blog post, linked below:
https://www.netgate.com/blog/no-plan-survives-contact-with-the-internet.html
Belkin has not, yet, replied to our query. Check back here or the Belkin Support site, for updates.
D-Link has not, yet, replied to our query. Check back here or the D-Link Support site, for updates.
Linksys has not, yet, replied to our query. Check back here or the Linksys Support site, for updates
[Updated 11/16/2017] Netgear replied to our query with the following information:
Per engineers, there are Dnsmasq issue with some of our routers. But our engineers did not provide us any information of which routers is it. They just informed us that they already doing a fix for it but we still do not have an ETA for it.
