• Home Support Forums Security Advisories Shop     English | French
Support Announcement
Response to DNSmasq :: Google reports multiple security flaws

On Oct. 2, 2017,  the Google security team disclosed security flaws in the DNSmasq Linux software package that may lead to remote code execution (RCE) and information leaks.

 

[Update 04/06/18 for products sold in US]

 

Associated CVE IDs for CERT/CC VU number: VU#973527

 

  • CWE-122: Heap-based Buffer Overflow - CVE-2017-14491

  • CWE-122: Heap-based Buffer Overflow - CVE-2017-14492

  • CWE-121: Stack-based Buffer Overflow - CVE-2017-14493

  • CWE-200: Information Exposure - CVE-2017-14494

  • CWE-400: Uncontrolled Resource Consumption('Resource Exhaustion') - CVE-2017-14495

  • CWE-191: Integer Underflow - CVE-2017-14496


The vulnerabilities described are in the DNSmasq source code requiring a broad product-line and industry correction. Users are encouraged to install updates to affected products and hosts as they are available. For information about a specific product, check the table. Note that the table list below is not exhaustive, and we recommend to check back frequently over the next 30 days.

DNSMasq ulnerabilities affect the following (US products):

 

Wi-Fi Extenders:

 

Model Ver. Current Status Last Update
DAP-1320 Bx Under Development 04/06/18
DAP-1320 Cx Under Development 04/06/18
DAP-1360 Ax Under Development 04/06/18
DAP-1360 Cx Under Development 04/06/18
DAP-1520 A1 Under Development 04/06/18
DAP-1620 Ax Under Development 04/06/18
DAP-1650 Ax Under Development 04/06/18
DAP-1665 A1 Under Development 04/06/18
DAP-1665 A2 Under Development 04/06/18
DAP-1665 Bx Official Release Here Closed: 05/30/18
DAP-1720 Ax Under Development 04/06/18

 

W-Fi Routers :

 

Model Ver. Current Status Last Update
DIR-816L Bx Under Development 04/06/18
DIR-818LW

Ax

Under Development 04/06/18
DIR-818LW/D Ax Under Development 04/06/18
DIR-818LW/R Ax Under Development 04/06/18
DIR-818LW/T Ac Under Development 04/06/18
DIR-822-US Cx Official Release Here

04/06/18

DIR-842 Cx Official Release Here 04/06/18
DIR-850L A1 PATCH HERE  04/06/18
DIR-850L B1 PATCH HERE  04/06/18
DIR-859 Ax Under Development 09/27/18
DIR-860L Ax Under Development 04/06/18
DIR-860L Bx Under Development 04/06/18
DIR-865L Ax PATCH HERE 02/28/18
DIR-867 Ax Official Release Here 05/30/18

DIR-868L

Ax Official Release Here 02/28/18
DIR-868L Bx Under Development 04/06/18
DIR-868L Cx Under Development 04/06/18
DIR-869 Ax Under Development 04/06/18
DIR-878 A1 PATCH HERE  04/06/18
DIR-879 Ax Official Release Here  10/24/18
DIR-880L Ax Under Development 04/06/18
DIR-882 A1 Official Release Here  04/10/18
DIR-885L/R Ax Under Development 04/06/18
DIR-890L/R Ax PATCH HERE 04/06/18
DIR-895L/R Ax Official Release Here 04/10/18

 

mydlink Home - Smart Home - IoT Devices

 

Model Ver. Current Status Last Update
DHP-W215 A2 Under Development 04/06/18