DnsMasq version used by the router firmware

Feb 2, 2019
5
0
10
This new thread is related to the recently closed one "Router DnsMasq vulnerability issue"

http://www.tomshardware.com/answers/id-3724350/router-dnsmasq-vulnerability-issue.html.

Someone may be left with the impression that the "DnsMasq heap buffer overflow vulnerability" CVE-2017-14491 is the false/positive one reported by Avast antivirus.

To find out what is DnsMasq version used by the modem/router firmware is to execute a test outside of Avast antivirus itself. For example, using the simple MS-DOS command on your computer in cmd:

nslookup -type=txt -class=chaos version.bind ROUTER_IP

where ROUTER_IP is your router IP address used during its installation (e.g. from the instructions from your internet service provider).

For example:

c:\>nslookup -type=txt -class=chaos version.bind 192.168.0.1

where 192.168.0.1 is ROUTER_IP address

All DnsMasq versions lower than V2.78 are vulnerable to CVE-2017-14491, as well as several others that were discovered in DNS server software after October 2017.
 
Feb 2, 2019
5
0
10


1. Should DnsMasq version is lower than V2.78, then report this issue to ISP (in case if they supplied the router). ISP will need to contact the modem/router manufacturer and to request the firmware update with the latest currently available DnsMasq V2.80. This may take a while for the manufacturer to fix.

2. Meanwhile, just to prevent to some degree the level of this and later discovered DnsMasq vulnerabilities it is recommended to use strong passwords, timely OS, antivirus and other software updates, set up VPN, etc.