Wi-Fi Inspector Port 53

[cindygo_ex]

Hi - The Wi-Fi Inspector shows DNS: Device is vulnerable to attacks Port 53. I have logged into the router and disabled port 53 and rebooted my computer, reran scan but this showed up again. I logged back into router and deleted the port rebooted computer but still this port is detected by the Wi-Fi Inspector. The details says We have identified the following problem with your router or Wi-Fi hotspot device: DnsMasq heap buffer overflow vulnerability. Recommendation: The issue was fixed in DnsMasq software version 2.78, released in October 2017. To solve the vulnerability on your device, apply the firmware or system update that contains DnsMasq software version 2.78 or higher provided by your device's manufacturer.

I contacted my internet provided and they say the router firmware is current.

How do I get rid of this message?

Thanks for any help on this, Cindy

[bob3160]

Have you checked to see what version of the firmware your router is running

[merckxist]

@cindygo_ex, re:

Have you checked to see what version of the firmware your router is running

From https://forum.avast.com/index.php?topic=215664.0 reply #14

You should test your router manually with the following command in cmd:
nslookup -type=txt -class=chaos version.bind ROUTER_IP

For example:
c:\>nslookup -type=txt -class=chaos version.bind 192.168.0.1
Server:  router
Address:  192.168.0.1
 
version.bind    text =
 
        "dnsmasq-2.45"

All versions prior to 2.78 are vulnerable.

There is a lengthy discussion in that topic about dnsmasq, isp provided routers and so on. Some posters have been told by their isp that the vulnerability has been fixed even if the dnsmasq version is older than v2.78. If so, I guess you have to take them at their word or ask about using a customer provided router that you can verify has a patched version of dnsmasq.

[edit]

How do I get rid of this message?

For now, the only sure way seems to be to use a router that has a patched version of dnsmasq. No one from Avast has identified an "exclusion" process for WiFi Inspector to ignore this vulnerability.

[bob3160]

@cindygo_ex, re:

Have you checked to see what version of the firmware your router is running

From https://forum.avast.com/index.php?topic=215664.0 reply #14

You should test your router manually with the following command in cmd:
nslookup -type=txt -class=chaos version.bind ROUTER_IP

For example:
c:\>nslookup -type=txt -class=chaos version.bind 192.168.0.1
Server:  router
Address:  192.168.0.1
 
version.bind    text =
 
        "dnsmasq-2.45"

All versions prior to 2.78 are vulnerable.

There is a lengthy discussion in that topic about dnsmasq, isp provided routers and so on. Some posters have been told by their isp that the vulnerability has been fixed even if the dnsmasq version is older than v2.78. If so, I guess you have to take them at their word or ask about using a customer provided router that you can verify has a patched version of dnsmasq.

[edit]

How do I get rid of this message?

For now, the only sure way seems to be to use a router that has a patched version of dnsmasq. No one from Avast has identified an "exclusion" process for WiFi Inspector to ignore this vulnerability.

IMHO, there shouldn't be an exclusion for this or any other actual vulnerability reported by Avast. It's Avast's job to inform and protect.
Since, in this case, all Avast can do is inform, it's up to you to correct and fix the vulnerability.
Till that's done, the vulnerability is still present. You can always ignore it. Avast should not exclude it.