Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: long-time-avast-user on August 21, 2018, 06:46:05 PM

Title: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: long-time-avast-user on August 21, 2018, 06:46:05 PM
I have one of the newest, top of the line routers from linksys! It is the ( Linksys EA9300 ) It is an amazing router running the latest firmware from linksys, in fact it has auto updates that automatically install the latest firmware.

I am also running the latest version of avast premier as of today 8-21-2018

When I run Wi-Fi Inspector ALL of my connected devices come back with NO issues EXCEPT for my router. Wi-Fi Inspector is reporting the following issue.

"..Description
Our scan found a vulnerability on your router or Wi-Fi hotspot device. Your device contains a problem that can be misused by cybercriminals to break into your network and compromise your security and privacy.

Android devices used as a Wi-Fi hotspot can be also affected.

Solution
Some of the vulnerabilities may be patched in new versions of the device firmware or system update. Applying the latest firmware or system update may solve the issue.

Consult your device's manual for instructions. If an update addressing the vulnerability issue is not available, contact your device's vendor or manufacturer to provide an update as soon as possible.

Note:
As routers typically do not perform automatic updates, you need to manually download and install the appropriate patches on the device.
Done incorrectly, applying the latest firmware can make your router unusable. We recommend this method for advanced users or computer technicians only.

Details
We have identified the following problem with your router or Wi-Fi hotspot device:

DnsMasq heap buffer overflow vulnerability
Severity: High

Reference: CVE-2017-14491 | Google Security Blog

Description:
The affected device's DNS service is running an outdated version of the DnsMasq software which is known to have a heap buffer overflow vulnerability. A remote attacker can gain control of your network device and your Internet connection by sending malformed DNS packets to the device. It allows the attacker to intercept connections and perform a traffic hijack, or execute arbitrary code with unrestricted privileges as well as access all important and private data stored on the device -- your device login/password combination, your Wi-Fi password, and your configuration data.

Impact:
Any device connected to your network, including computers, phones, tablets, printers, security cameras, or any other networked device in your home or office network, may have an increased risk of compromise.

Recommendation:
The issue was fixed in DnsMasq software version 2.78, released in October 2017.

To solve the vulnerability on your device, apply the firmware or system update that contains DnsMasq software version 2.78 or higher provided by your device's manufacturer.

If an update addressing the vulnerability is not yet available for your device, you can secure your router or Wi-Fi hotspot with a strong password to minimize risks imposed by the vulnerability. We also advise you not to visit suspicious websites or run software from questionable sources..."

----------------------------------------------------

I spoke with technical support at linksys and we confirmed that I was running the latest firmware and we even RE-FLASHED my router and re-ran Wi-Fi Inspector and it still shows the HIGH RISK vulnerability! ( DnsMasq heap buffer overflow vulnerability- Severity: High )


Does anybody know if this is a FALSE POSITIVE or do I really have an issue like the Wi-Fi Inspector says I do?

I just can't imagine on such a newer top of the line router by linksys having this issue and I am the only one on planet earth that knows about it and can't get any yes or no direct answers! I sure don't want to get stuck in a back and forth with linksys saying there is nothing wrong with my router and avast saying oh yes there is something wrong with your router.

Thank you in advance!......windows 10 home
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: mchain on August 22, 2018, 07:10:32 AM
Maybe this will help: (Article posted April 20, 2017) https://threatpost.com/20-linksys-router-models-vulnerable-to-attack/125085/

If you've changed the default administrative passwords, that should help.

More: https://duckduckgo.com/?q=linksys+router+vulnerabilities&t=ffnt&ia=web
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: long-time-avast-user on August 26, 2018, 03:09:46 PM
bump
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: mchain on August 27, 2018, 07:01:13 AM
Not sure what type of help you require here. 

Detections are valid.  Up to you what you do about them.

Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: long-time-avast-user on August 27, 2018, 11:40:40 AM
Linksys is saying there is nothing wrong with my router and it is a false positive! Avast is saying the detection is real and not a false positive! ............................boy o'l boy didn't see that coming at all! >:(
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: Asyn on August 27, 2018, 11:52:45 AM
Hi, you can test/check it yourself, see below...

Dev-Info: Hi, Google zero project discovered 7 critical vulnerabilities in the DnsMasq implementation running on many routers and devices as DNS daemon, see: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html . The issue was fixed in DnsMasq software version 2.78, released in October 2017.

We added this detection into Wifi inspector. This detection is based on the DNS version obtained via remote fingerprint, also called banner detection. Banner detections are not critical (in this particular case the detection verbosity is set to warning); it says your device is likely vulnerable. We are not sending real exploit probes to detect vulnerable DNS servers, because it's too dangerous and it may cause the application to crash.

You should test your router manually with the following command in cmd:
nslookup -type=txt -class=chaos version.bind ROUTER_IP

For example:
c:\>nslookup -type=txt -class=chaos version.bind 192.168.0.1
Server:  router
Address:  192.168.0.1
 
version.bind    text =
 
        "dnsmasq-2.45"

All versions prior to 2.78 are vulnerable.

To solve the vulnerability on your device, apply the firmware or system update that contains DnsMasq software version 2.78 or higher provided by your device's manufacturer. If an update addressing the vulnerability is not yet available for your device, you can secure your router or Wi-Fi hotspot with a strong password to minimize risks imposed by the vulnerability. More details can be found also here: https://help.avast.com/en/av_free/17/hns/cve-2017-14491.html
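
The manual check described in this reply, as an added Python example (not part of the original post and not Avast's code): it builds the same CHAOS-class TXT query for version.bind that the nslookup command sends, parses the reply and compares the banner with 2.78. The function names and the constructed sample reply are assumptions for illustration; `check_router` is meant for a router on your own LAN.

```python
import re
import socket
import struct
FIXED = (2, 78)  # first fixed dnsmasq release, per the thread

def build_query(name="version.bind", txid=0x1234):
    """DNS query with one question: QTYPE=TXT (16), QCLASS=CHAOS (3)."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + struct.pack(">HH", 16, 3)

def skip_name(msg, off):
    """Offset just past a domain name; a compression pointer ends it."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_banner(msg):
    """First TXT string of the first answer record, or None."""
    qd, an = struct.unpack(">HH", msg[4:8])
    if an == 0:
        return None
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4      # skip QTYPE and QCLASS
    off = skip_name(msg, off)
    rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
    if rtype != 16 or rdlen < 1:
        return None
    return msg[off + 11:off + 11 + msg[off + 10]].decode("ascii", "replace")

def classify(banner):
    m = re.match(r"dnsmasq-(\d+)\.(\d+)", banner or "")
    if not m:
        return "unknown"                   # hidden or non-dnsmasq banner
    return "likely vulnerable" if (int(m[1]), int(m[2])) < FIXED else "fixed release"

def check_router(ip, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(), (ip, 53))
            return classify(parse_banner(s.recvfrom(512)[0]))
        except (OSError, IndexError, struct.error):
            return "no usable answer"      # timeout, refused or malformed reply

def sample_reply(banner):  # constructed reply for offline runs, not captured traffic
    txt = bytes([len(banner)]) + banner.encode()
    return (b"\x12\x34" + struct.pack(">HHHHH", 0x8180, 1, 1, 0, 0) + build_query()[12:]
            + b"\xc0\x0c" + struct.pack(">HHIH", 16, 3, 0, len(txt)) + txt)
```

As the reply says, this is banner detection only: the result rests on the version string the DNS service reports, so it reads "likely vulnerable" rather than confirmed.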
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: long-time-avast-user on August 27, 2018, 12:07:42 PM


results after test:.......version.bind    text =

        "dnsmasq-2.55"
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: Asyn on August 27, 2018, 12:18:40 PM
Well, all versions prior to 2.78 are vulnerable.
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: Siouxie on September 22, 2018, 05:33:57 PM
I am encountering the same issue on brand new BT Hub 6 router (Win 8.1) and licence product from Avast.
I am a total novice and note the advice that incorrect installation of a firmware update may render your router inoperable.  Also, if you search this forum for "DnsMasq software version 2.78", a previous thread (Chris) states that not many devices will have the update.

Come on Avast, I paid for your service so please answer long-time-avast-user's question - is this error message incorrect or do we actually have something to worry about?

(Interestingly, Avast solution was that I spend more money on a VPN but I don't see how a 'secure-line' out could protect my router from attacks from outside coming in?)

I am a complete novice. (Sorry not to be more helpful)

Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: Asyn on September 22, 2018, 05:35:46 PM
Hi, that's a legit detection. Unfortunately, some manufacturers are too lazy to fix it.
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: Siouxie on September 22, 2018, 05:38:34 PM
Asyn - do you  know a reliable link to British Telecoms Hub 6 firmware update at all please?  Is it a risky thing to do if you don't know what you are doing?
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: Asyn on September 22, 2018, 05:41:41 PM
Quote
1. Asyn - do you know a reliable link to British Telecoms Hub 6 firmware update at all please?
2. Is it a risky thing to do if you don't know what you are doing?

1. Nope, best you contact your ISP.
2. Usually not.
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: Bob5555 on December 04, 2018, 02:09:54 PM
can you tell me exactly what to type in the command prompt here to run this test on my own router?
I typed in nslookup -type=txt -class=chaos version.bind 192.168.x.x
but I get this message DNS request timed out server: unknown address 192.168.x.x


Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: Bob5555 on December 04, 2018, 02:15:35 PM
Have you got a list of all routers affected by this?
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: Asyn on December 04, 2018, 03:40:44 PM
Quote
can you tell me exactly what to type in the command prompt here to run this test on my own router?
I typed in nslookup -type=txt -class=chaos version.bind 192.168.x.x

See Reply #5 and adjust it to your router IP. (.x.x won't work)
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: ramoynihan on January 28, 2019, 07:43:53 PM
Hi Folks,

"WiFi inspector" reports the same issue with my Linksys router, and I checked that it has the latest firmware but still uses version 2.55 of dnsmasq.

Question: does this apply only to the WiFi performance of the router itself, or does it affect the whole LAN? I don't use the wireless capabilities of the Linksys router and I use a Ubiquiti WAP instead (which gets a green checkmark from 'inspector'). But even with the WiFi features of the router disabled it reports the router as being a security problem.

Not sure if I should feel comfortable or not.

Thanks.
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: rocksteady on January 30, 2019, 03:58:20 PM
I think many routers are being found at risk of this vulnerability, but manufacturers don't seem too bothered about it.
If you have a Linksys router you could always take a look on their community forum to seek assistance:
https://community.linksys.com
 
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: chris.. on February 23, 2019, 12:07:40 PM
Hello,

Quote
All versions prior to 2.78 are vulnerable.

Has there been any change on the avast side?

Many people who had the problem before the last update no longer have it now.
However, their router has not been updated; the detected version of dnsmasq is still "dnsmasq-2.55".
I would like to point out that the wifi-inspector scan was done by mentioning "Home" network , because in "Public" network (selected), avast had not detected for several months now, which is normal when we know that the vulnerability is positioned on the LAN and not the WAN.
NB: This is an observation of several (Belgian) users and not mine, because my router was updated at the end of the year with dnsmasq 2.78
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: Asyn on February 23, 2019, 07:35:58 PM
Hi Chris, are these guys using a VPN..?
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: chris.. on February 23, 2019, 10:12:10 PM
I don't think so (at least for one of them, but I'm still going to ask for confirmation).
On the other hand, what is certain is that their test was done manually with the cmd command on their own router (192.168.1.1); I don't think using a VPN can fake the answer on a local server IP ???
#15 ramoynihan's post was January 28th, before the last Avast update; it would be nice to know what about now?
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: Asyn on February 23, 2019, 10:26:13 PM
Quote
I don't think so (at least for one of them, but I'm still going to ask for confirmation).

OK, let me know. I've seen on some user systems that a VPN can prevent this WFI detection.
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: chris.. on February 23, 2019, 11:10:12 PM
Quote
Hi Chris, are these guys using a VPN..?

Have you to know if they usually use a VPN (disabled at the time of testing) or if it is enabled at the time of testing?
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: Asyn on February 24, 2019, 07:56:44 AM
Quote
Hi Chris, are these guys using a VPN..?
Have you to know if they usually use a VPN (disabled at the time of testing) or if it is enabled at the time of testing?

Let's put it this way, does it make a difference if their VPN (if any) is disabled during WFI-Scan..?
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: chris.. on February 24, 2019, 10:07:23 AM
yes , does it make ?
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: Asyn on February 24, 2019, 10:35:45 AM
Quote
yes , does it make ?

Sorry, not sure what you mean. :-\
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: chris.. on February 24, 2019, 12:52:14 PM
#18 & #20 you want to know if they use VPN
#21 I would like clarification on what you call "using a VPN" ---> enabled or disabled during Wifi scanning ?
#22 it seems you haven't quite understood and ask me if I wanted to know ("Let's put it this way") if "does it make a difference if their VPN (if any) is disabled during WFI-Scan..?"
So #23 I confirm that my question #21 is the same of your #22 :yes, "does it make? ...... a difference if their VPN (if any) is disabled during WFI-Scan..?" ---> yes or no ?
Title: Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
Post by: Asyn on February 24, 2019, 01:21:17 PM
Well, please ask the users you mentioned in Reply #17 and report back. Cheers