Author Topic: Wi-Fi Inspector Says my brand new router has a high risk issue!  (Read 7235 times)

0 Members and 1 Guest are viewing this topic.

Offline long-time-avast-user

  • Newbie
  • *
  • Posts: 4
I have one of the newest, top of the line routers from linksys! It is the ( Linksys EA9300 ) It is an amazing router running the latest firmware from linksys, in fact it has auto updates that automatically install the latest firmware.

I am also running the latest version of avast premier as of today 8-21-2018

When I run Wi-Fi Inspector ALL of my connected devices come back with NO issues EXCEPT for my router. Wi-Fi Inspector is reporting the following issue.

"..Description
Our scan found a vulnerability on your router or Wi-Fi hotspot device. Your device contains a problem that can be misused by cybercriminals to break into your network and compromise your security and privacy.

Android devices used as a Wi-Fi hotspot can be also affected.

Solution
Some of the vulnerabilities may be patched in new versions of the device firmware or system update. Applying the latest firmware or system update may solve the issue.

Consult your device's manual for instructions. If an update adressing the vulnerability issue is not available, contact your devices's vendor or manufacturer to provide an update as soon as possible.

Note:
As routers typically do not perform automatic updates, you need to manually download and install the appropriate patches on the device.
Done incorrectly, applying the latest firmware can make your router unusable. We recommend this method for advanced users or computer technicians only.

Details
We have identified the following problem with your router or Wi-Fi hotspot device:

DnsMasq heap buffer overflow vulnerability
Severity: High

Reference: CVE-2017-14491 | Google Security Blog

Description:
The affected device's DNS service is running an outdated version of the DnsMasq software which is known to have a heap buffer overflow vulnerability. A remote attacker can gain control of your network device and your Internet connection by sending malformed DNS packets to the device. It allows the attacker to intercept connections and perform a traffic hijack, or execute arbitrary code with unrestricted privileges as well as access all important and private data stored on the device -- your device login/password combination, your Wi-Fi password, and your configuration data.

Impact:
Any device connected to your network, including computers, phones, tablets, printers, security cameras, or any other networked device in your home or office network, may have an increased risk of compromise.

Recommendation:
The issue was fixed in DnsMasq software version 2.78, released in October 2017.

To solve the vulnerability on your device, apply the firmware or system update that contains DnsMasq software version 2.78 or higher provided by your device's manufacturer.

If an update addressing the vulnerability is not yet available for your device, you can secure your router or Wi-Fi hotspot with a strong password to minimize risks imposed by the vulnerability. We also advise you not to visit suspicious websites or run software from questionable sources..."

----------------------------------------------------

I spoke with technical support at linksys and we confirmed that I was running the latest firmware and we even RE-FLASHED my router and re-ran Wi-Fi Inspector and it still shows the HIGH RISK vulnerability! ( DnsMasq heap buffer overflow vulnerability- Severity: High )


Does anybody know if this is a FALSE POSITIVE or do I really have an issue like the Wi-Fi Inspector says I do?

I just can't imagine on such a newer top of the line router by linksys having this issue and I am the only one on planet earth that knows about it and can't get any yes or no direct answers! I sure don't want to get stuck in a back and forth with linksys saying there is nothing wrong with my router and avast saying oh yes there is something wrong with your router.

Thank you in advance!......windows 10 home
« Last Edit: August 21, 2018, 08:38:16 PM by long-time-avast-user »

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5420
  • Spartan Warrior
Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
« Reply #1 on: August 22, 2018, 07:10:32 AM »
Maybe this will help:  (Article posted April 20, 2017)  https://threatpost.com/20-linksys-router-models-vulnerable-to-attack/125085/

If you've changed the default administrative passwords should help.

More:  https://duckduckgo.com/?q=linksys+router+vulnerabilities&t=ffnt&ia=web
Windows 10 Home 64-bit 20H2 Avast Premier Security version 21.3.2459 (build 21.3.6164.652) UI version 1.0.612.

Offline long-time-avast-user

  • Newbie
  • *
  • Posts: 4
Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
« Reply #2 on: August 26, 2018, 03:09:46 PM »
bump

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5420
  • Spartan Warrior
Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
« Reply #3 on: August 27, 2018, 07:01:13 AM »
Not sure what type of help you require here. 

Detections are valid.  Up to you what you do about them.

Windows 10 Home 64-bit 20H2 Avast Premier Security version 21.3.2459 (build 21.3.6164.652) UI version 1.0.612.

Offline long-time-avast-user

  • Newbie
  • *
  • Posts: 4
Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
« Reply #4 on: August 27, 2018, 11:40:40 AM »
Linksys is saying there is nothing wrong with my router and it is a false positive! Avast is saying their the detection is real and not a false positive! ............................boy o'l boy didn't see that coming at all! >:(

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 72172
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
« Reply #5 on: August 27, 2018, 11:52:45 AM »
Hi, you can test/check it yourself, see below...

Dev-Info: Hi, Google zero project discovered 7 critical vulnerabilities in DnsMasq implemetation running on many routers and devices as DNS daemon, see: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html . The issue was fixed in DnsMasq software version 2.78, released in October 2017

We added this detection into Wifi inspector. This detection is based on DNS version obtained via remote finteprint also called banner detection. Banner detections are not critical (in this particular case is detection verbosity set to warning), it says your device is likely vulnerable. We are not sending real exploit probes to detect vulnerable DNS servers, because its too dangerous and it may cause the application crash.

You should test your router manually with the following command in cmd:
nslookup -type=txt -class=chaos version.bind ROUTER_IP

For example:
c:\>nslookup -type=txt -class=chaos version.bind 192.168.0.1
Server:  router
Address:  192.168.0.1
 
version.bind    text =
 
        "dnsmasq-2.45"

All versions prior to 2.78 are vulnerable.

To solve the vulnerability on your device, apply the firmware or system update that contains DnsMasq software version 2.78 or higher provided by your device's manufacturer. If an update addressing the vulnerability is not yet available for your device, you can secure your router or Wi-Fi hotspot with a strong password to minimize risks imposed by the vulnerability. More details can be found also here: https://help.avast.com/en/av_free/17/hns/cve-2017-14491.html
Win 8.1 [x64] - Avast PremSec 21.9.6660.IBC [UI.670] - EEK - Firefox ESR 78.15 [NS/uBO/PB] - TB 91.2
Avast-Tools: Secure Browser 94.0 - Cleanup 21.3 - SecureLine 5.13 - Driver Updater 21.3 - CCleaner 5.85
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline long-time-avast-user

  • Newbie
  • *
  • Posts: 4
Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
« Reply #6 on: August 27, 2018, 12:07:42 PM »
Hi, you can test/check it yourself, see below...

Dev-Info: Hi, Google zero project discovered 7 critical vulnerabilities in DnsMasq implemetation running on many routers and devices as DNS daemon, see: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html . The issue was fixed in DnsMasq software version 2.78, released in October 2017

We added this detection into Wifi inspector. This detection is based on DNS version obtained via remote finteprint also called banner detection. Banner detections are not critical (in this particular case is detection verbosity set to warning), it says your device is likely vulnerable. We are not sending real exploit probes to detect vulnerable DNS servers, because its too dangerous and it may cause the application crash.

You should test your router manually with the following command in cmd:
nslookup -type=txt -class=chaos version.bind ROUTER_IP

For example:
c:\>nslookup -type=txt -class=chaos version.bind 192.168.0.1
Server:  router
Address:  192.168.0.1
 
version.bind    text =
 
        "dnsmasq-2.45"

All versions prior to 2.78 are vulnerable.

To solve the vulnerability on your device, apply the firmware or system update that contains DnsMasq software version 2.78 or higher provided by your device's manufacturer. If an update addressing the vulnerability is not yet available for your device, you can secure your router or Wi-Fi hotspot with a strong password to minimize risks imposed by the vulnerability. More details can be found also here: https://help.avast.com/en/av_free/17/hns/cve-2017-14491.html


results after test:.......version.bind    text =

        "dnsmasq-2.55"

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 72172
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
« Reply #7 on: August 27, 2018, 12:18:40 PM »
Well, all versions prior to 2.78 are vulnerable.
Win 8.1 [x64] - Avast PremSec 21.9.6660.IBC [UI.670] - EEK - Firefox ESR 78.15 [NS/uBO/PB] - TB 91.2
Avast-Tools: Secure Browser 94.0 - Cleanup 21.3 - SecureLine 5.13 - Driver Updater 21.3 - CCleaner 5.85
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Siouxie

  • Newbie
  • *
  • Posts: 2
Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
« Reply #8 on: September 22, 2018, 05:33:57 PM »
i am encountering the same issue on brand new BT Hub 6 router (Win 8.1) and licence product from Avast.
I am a total novice and note the advice that incorrect installation of a firmware update may render your router inoperable.  Also, if you search this forum for "DnsMasq software version 2.78", a previous thread (Chris) states that not many devices will have the update.

Come on Avast, I paid for your service so please answer long-time-avast-user's question - is this error message incorrect or so we actually have something to worry about?

(Interestingly, Avast solution was that I spend more money on a VPN but I don't see how a 'secure-line' out could protect my router from attacks from outside coming in?)

I am a complete novice. (Sorry not to be more helpful)


Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 72172
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
« Reply #9 on: September 22, 2018, 05:35:46 PM »
Hi, that's a legit detection. Unfortunately, some manufacturers are too lazy to fix it.
Win 8.1 [x64] - Avast PremSec 21.9.6660.IBC [UI.670] - EEK - Firefox ESR 78.15 [NS/uBO/PB] - TB 91.2
Avast-Tools: Secure Browser 94.0 - Cleanup 21.3 - SecureLine 5.13 - Driver Updater 21.3 - CCleaner 5.85
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Siouxie

  • Newbie
  • *
  • Posts: 2
Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
« Reply #10 on: September 22, 2018, 05:38:34 PM »
Asyn - do you  know a reliable link to British Telecoms Hub 6 firmware update at all please?  Is it a risky thing to do if you don't know what you are doing?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 72172
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
« Reply #11 on: September 22, 2018, 05:41:41 PM »
1. Asyn - do you  know a reliable link to British Telecoms Hub 6 firmware update at all please?
2. Is it a risky thing to do if you don't know what you are doing?
1. Nope, best you contact your ISP.
2. Usually not.
Win 8.1 [x64] - Avast PremSec 21.9.6660.IBC [UI.670] - EEK - Firefox ESR 78.15 [NS/uBO/PB] - TB 91.2
Avast-Tools: Secure Browser 94.0 - Cleanup 21.3 - SecureLine 5.13 - Driver Updater 21.3 - CCleaner 5.85
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Bob5555

  • Newbie
  • *
  • Posts: 2
Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
« Reply #12 on: December 04, 2018, 02:09:54 PM »
can you tell me exactly what to type in the command prompt here to run this test on my own router?
I typed in         nslookup -type=txt -class=chaos version.bind 192.168.x.x
but I get this message DNS request timed out server: unknown address 192.168.x.x


You should test your router manually with the following command in cmd:
nslookup -type=txt -class=chaos version.bind ROUTER_IP

For example:
c:\>nslookup -type=txt -class=chaos version.bind 192.168.0.1
Server:  router
Address:  192.168.0.1
 
version.bind    text =
 
        "dnsmasq-2.45"

All versions prior to 2.78 are vulnerable.

Offline Bob5555

  • Newbie
  • *
  • Posts: 2
Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
« Reply #13 on: December 04, 2018, 02:15:35 PM »
have you got a list of all routers effected by this?

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 72172
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Wi-Fi Inspector Says my brand new router has a high risk issue!
« Reply #14 on: December 04, 2018, 03:40:44 PM »
can you tell me exactly what to type in the command prompt here to run this test on my own router?
I typed in nslookup -type=txt -class=chaos version.bind 192.168.x.x
See Reply #5 and adjust it to your router IP. (.x.x won't work)
Win 8.1 [x64] - Avast PremSec 21.9.6660.IBC [UI.670] - EEK - Firefox ESR 78.15 [NS/uBO/PB] - TB 91.2
Avast-Tools: Secure Browser 94.0 - Cleanup 21.3 - SecureLine 5.13 - Driver Updater 21.3 - CCleaner 5.85
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0