Hiltron Router Vulnerability?

GabieT
I'm a participant level 2

I recently ran Avast Internet Security on my home network. With regard to the router it says "IP:192.16.0.1 Device is vulnerable to attacks."

 

Description: Service is vulnerable to attacks from within your network. Catalogue ID CVE-2017-14491.

Risks: Attackers can abuse this vulnerability to disrupt normal functions of this device and make it unresponsive. Attackers can execute their own code on this device.

Details:

 

Description

Our scan found a vulnerability on your router or Wi-Fi hotspot device. Your device contains a problem that can be misused by cybercriminals to break into your network and compromise your security and privacy.

Android devices used as a Wi-Fi hotspot can be also affected.

Solution

Some of the vulnerabilities may be patched in new versions of the device firmware or system update. Applying the latest firmware or system update may solve the issue.

Consult your device's manual for instructions. If an update addressing the vulnerability issue is not available, contact your device's vendor or manufacturer to provide an update as soon as possible.

Note:

As routers typically do not perform automatic updates, you need to manually download and install the appropriate patches on the device.

Done incorrectly, applying the latest firmware can make your router unusable. We recommend this method for advanced users or computer technicians only.

Details

We have identified the following problem with your router or Wi-Fi hotspot device:

DnsMasq heap buffer overflow vulnerability

Severity: High

Reference: CVE-2017-14491 | Google Security Blog

Description:

The affected device's DNS service is running an outdated version of the DnsMasq software which is known to have a heap buffer overflow vulnerability. A remote attacker can gain control of your network device and your Internet connection by sending malformed DNS packets to the device. It allows the attacker to intercept connections and perform a traffic hijack, or execute arbitrary code with unrestricted privileges as well as access all important and private data stored on the device -- your device login/password combination, your Wi-Fi password, and your configuration data.

Impact:

Any device connected to your network, including computers, phones, tablets, printers, security cameras, or any other networked device in your home or office network, may have an increased risk of compromise.

 

Recommendation:

The issue was fixed in DnsMasq software version 2.78, released in October 2017.

To solve the vulnerability on your device, apply the firmware or system update that contains DnsMasq software version 2.78 or higher provided by your device's manufacturer.

If an update addressing the vulnerability is not yet available for your device, you can secure your router or Wi-Fi hotspot with a strong password to minimize risks imposed by the vulnerability. We also advise you not to visit suspicious websites or run software from questionable sources.

 

I called up Tech Support and they didn't seem to be familiar with the issue and suggested that I get in touch with the Fido Community. Any feedback would be appreciated for my peace of mind.
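A way to confirm which DnsMasq version the router's DNS service reports, as an added example that is not part of the original thread or of Avast's scanner: dnsmasq answers a version.bind TXT query in the CHAOS class with "dnsmasq-<version>", which can be compared with the 2.78 fix release named in the report. The function names and status labels are this example's own.

```python
import re
import socket
import struct

FIXED = (2, 78)  # per the scan report: CVE-2017-14491 fixed in DnsMasq 2.78

def build_query(txid=0x1234):
    """DNS query for version.bind, type TXT (16), class CHAOS (3)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"\x07version\x04bind\x00"
    return header + qname + struct.pack("!HH", 16, 3)

def parse_txt(resp, query):
    """Return the first TXT string of the first answer, or None."""
    try:
        if resp[:2] != query[:2] or struct.unpack("!H", resp[6:8])[0] == 0:
            return None
        off = len(query)  # assumption: question section is echoed unchanged
        if resp[off] & 0xC0 == 0xC0:   # compressed owner name (2-byte pointer)
            off += 2
        else:                          # uncompressed labels
            while resp[off]:
                off += resp[off] + 1
            off += 1
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        if rtype != 16 or rdlen < 1:
            return None
        n = resp[off + 10]
        return resp[off + 11:off + 11 + n].decode("ascii", "replace")
    except (IndexError, struct.error):
        return None

def assess(banner):
    """Compare a 'dnsmasq-X.Y' banner with the fixed release."""
    m = re.match(r"dnsmasq-(\d+)\.(\d+)", banner or "")
    if not m:
        return "unknown"
    return "ok" if (int(m[1]), int(m[2])) >= FIXED else "outdated"

def check_router(ip, timeout=3.0):
    """Ask the router's own DNS service for its banner (needs LAN access)."""
    query = build_query()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (ip, 53))
        resp, _ = s.recvfrom(512)
    banner = parse_txt(resp, query)
    return banner, assess(banner)
```

Call check_router() with your own router's LAN address. Vendors sometimes backport fixes without changing the banner, so an "outdated" result is a reason to ask the provider about firmware rather than proof the device is exploitable.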

3 REPLIES

FidoPamela
Former Moderator

Hey @GabieT!

 

Welcome to the Community :)

 

We've sent this to the team in charge to look into this for you. 

 

It's also good to know that we're running a firmware trial that could help with that. Let me know if you're interested, I'll be happy to send you a PM and give you all the details. 

 



GabieT
I'm a participant level 2

@FidoPamela wrote:

Hey @GabieT!

 

Welcome to the Community :)

 

We have sent this to the team in charge to look into this for you. 

 

It's also good to know that we are running a firmware trial that would help with that. Let me know if you're interested, I'll be happy to send you a PM and give you all the details. 

 


Pam, thanks for the welcome and the invite.  Surely interested in the trial.  Let me know of the details.

 

Regards.

Hey @GabieT

 

We've replied to your PM with the details of the trial :)