On Oct. 2, 2017, the Google security team disclosed security flaws in the DNSmasq Linux software package that may lead to remote code execution (RCE) and information leaks.
[Update 04/06/18 for products sold in US]
Associated CVE IDs for CERT/CC VU number: VU#973527
-
CWE-122: Heap-based Buffer Overflow - CVE-2017-14491
-
CWE-122: Heap-based Buffer Overflow - CVE-2017-14492
-
CWE-121: Stack-based Buffer Overflow - CVE-2017-14493
-
CWE-200: Information Exposure - CVE-2017-14494
-
CWE-400: Uncontrolled Resource Consumption('Resource Exhaustion') - CVE-2017-14495
-
CWE-191: Integer Underflow - CVE-2017-14496
The vulnerabilities described are in the DNSmasq source code requiring a broad product-line and industry correction. Users are encouraged to install updates to affected products and hosts as they are available. For information about a specific product, check the table. Note that the table list below is not exhaustive, and we recommend to check back frequently over the next 30 days.
DNSMasq ulnerabilities affect the following (US products):
Wi-Fi Extenders:
| Model |
Ver. |
Current Status |
Last Update |
| DAP-1320 |
Bx |
Under Development |
04/06/18 |
| DAP-1320 |
Cx |
Under Development |
04/06/18 |
| DAP-1360 |
Ax |
Under Development |
04/06/18 |
| DAP-1360 |
Cx |
Under Development |
04/06/18 |
| DAP-1520 |
A1 |
Under Development |
04/06/18 |
| DAP-1620 |
Ax |
Under Development |
04/06/18 |
| DAP-1650 |
Ax |
Under Development |
04/06/18 |
| DAP-1665 |
A1 |
Under Development |
04/06/18 |
| DAP-1665 |
A2 |
Under Development |
04/06/18 |
| DAP-1665 |
Bx |
Official Release Here |
Closed: 05/30/18 |
| DAP-1720 |
Ax |
Under Development |
04/06/18 |
W-Fi Routers :
| Model |
Ver. |
Current Status |
Last Update |
| DIR-816L |
Bx |
Under Development |
04/06/18 |
| DIR-818LW |
Ax
|
Under Development |
04/06/18 |
| DIR-818LW/D |
Ax |
Under Development |
04/06/18 |
| DIR-818LW/R |
Ax |
Under Development |
04/06/18 |
| DIR-818LW/T |
Ac |
Under Development |
04/06/18 |
| DIR-822-US |
Cx |
Official Release Here |
04/06/18
|
| DIR-842 |
Cx |
Official Release Here |
04/06/18 |
| DIR-850L |
A1 |
PATCH HERE |
04/06/18 |
| DIR-850L |
B1 |
PATCH HERE |
04/06/18 |
| DIR-859 |
Ax |
Under Development |
09/27/18 |
| DIR-860L |
Ax |
Under Development |
04/06/18 |
| DIR-860L |
Bx |
Under Development |
04/06/18 |
| DIR-865L |
Ax |
PATCH HERE |
02/28/18 |
| DIR-867 |
Ax |
Official Release Here |
05/30/18 |
|
DIR-868L
|
Ax |
Official Release Here |
02/28/18 |
| DIR-868L |
Bx |
Under Development |
04/06/18 |
| DIR-868L |
Cx |
Under Development |
04/06/18 |
| DIR-869 |
Ax |
Under Development |
04/06/18 |
| DIR-878 |
A1 |
PATCH HERE |
04/06/18 |
| DIR-879 |
Ax |
Official Release Here |
10/24/18 |
| DIR-880L |
Ax |
Under Development |
04/06/18 |
| DIR-882 |
A1 |
Official Release Here |
04/10/18 |
| DIR-885L/R |
Ax |
Under Development |
04/06/18 |
| DIR-890L/R |
Ax |
PATCH HERE |
04/06/18 |
| DIR-895L/R |
Ax |
Official Release Here |
04/10/18 |
mydlink Home - Smart Home - IoT Devices
| Model |
Ver. |
Current Status |
Last Update |
| DHP-W215 |
A2 |
Under Development |
04/06/18 |