Support Announcements
DNSpooq Vulnerability Disclosures within dnsmasq (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687)

Overview

On January 21, 2021, CERT/CC publically disclosed multiple vulnerability within dnsmasq: CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687. Industry and Author refers to this series of vulnerabilities as DNSpooq. DNSpooq vulnerabilities include DNS cache poisoning vulnerabilities as well as a potential Remote Code Execution and exploits.

The list of devices industry-wide using dnsmasq that are affected by DNSpooq is long and varied.

Public Disclosures

      https://www.jsof-tech.com/disclosures/dnspooq/
      https://access.redhat.com/security/vulnerabilities/RHSB-2021-001
      https://us-cert.cisa.gov/ics/advisories/icsa-21-019-01

DNSpooq Vulnerability set divides into 2 types of vulnerabilities:

      1. DNS cache poisoning attacks, similar to the Kaminsky attack, but different in some aspects.
      2. Buffer overflow vulnerabilities that could lead to remote code execution.

DNSmasq below v2.83 is affected by the DNSpooq vulnerabilities:

JSOF reported multiple memory corruption vulnerabilities in dnsmasq due to boundary checking errors in DNSSEC handling code.

    CVE-2020-25681: A heap-based buffer overflow in dnsmasq in the way it sorts RRSets before validating them with DNSSEC data in an unsolicited DNS response
    CVE-2020-25682: A buffer overflow vulnerability in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data
    CVE-2020-25683: A heap-based buffer overflow in get_rdata subroutine of dnsmasq, when DNSSEC is enabled and before it validates the received DNS entries
    CVE-2020-25687: A heap-based buffer overflow in sort_rrset subroutine of dnsmasq, when DNSSEC is enabled and before it validates the received DNS entries


JSOF also reported vulnerabilities in DNS response validation that can result in DNS cache poisoning.

    CVE-2020-25684: Dnsmasq does not validate the combination of address/port and the query-id fields of DNS request when accepting DNS responses
    CVE-2020-25685: Dnsmasq uses a weak hashing algorithm (CRC32) when compiled without DNSSEC to validate DNS responses
    CVE-2020-25686: Dnsmasq does not check for an existing pending request for the same name and forwards a new request thus allowing an attacker to perform a "Birthday Attack" scenario to forge replies and potentially poison the DNS cache.


Affected Products

   

Category Model Hardware Revision Region Fixed F/W

Status

Last Updated
Nuclias Business AP DBA-1210P A1 US  2.06.000 Est. 06/25/2021
04/20/2021
Nuclias Business AP DBA-1510P A1 Non-US Under Development Pending Release
04/20/2021
Nuclias Business AP DBA-1520P A1 Non-US  Under Development Pending Release 04/20/2021
Nuclias Business AP DBA-2520P A1 US 2.04.000 Est. 06/25/2021 04/20/2021
Nuclias Business AP DBA-2620P A1 US 2.04.000 Est. 06/25/2021 04/20/2021
Nuclias Business AP DBA-2720P A1 US 2.03.000 Est. 06/25/2021 04/20/2021
Nuclias Business AP DBA-2820P A1 US 2.04.000 Est. 06/25/2021 04/20/2021
Nuclias Business AP DBA-3620P A1 US 2.03.000 Est. 06/25/2021 04/20/2021
Nuclias Business AP DBA-3621P A1 US 2.03.000 Est. 06/25/2021 04/20/2021
Nuclias Business AP DBA-X1230P A1 Non-US  2.01.000 Est. 06/25/2021 04/20/2021
Nuclias Business AP DBA-X2830P A1 US  2.01.000 Est. 04/15/2021 04/20/2021
Consumer AP/Extender DAP-1325 A1 US Under Development Pending Release 04/20/2021
Consumer AP/Extender DAP-1530 A2 US Under Development Pending Release 04/20/2021
Consumer AP/Extender DAP-1610 A2 US  Under Development Pending Release 04/20/2021
Consumer AP/Extender DAP-1620 B1 US   Under Development Pending Release 04/20/2021
Consumer AP/Extender DAP-1750 A1 US  Under Development Pending Release 04/20/2021
Consumer AP/Extender DAP-1755 A2 US Under Development Pending Release 04/20/2021
Consumer AP/Extender DAP-1820 A1 US  Under Development Pending Release 04/20/2021
Consumer AP/Extender DAP-1955 A2 US  Under Development Pending Release 04/20/2021
Consumer AP/Extender DAP-X1860 A1 Non-US Under Development Pending Release 04/20/2021
Consumer AP/Extender DAP-X1870 A1 US Not Affected Closed 04/20/2021
Consumer AP/Extender DIR-L1900 A1 US Under Development Pending Release 04/20/2021
Consumer AP/Extender DRA-1360 A1 Non-US  Under Development Pending Release 04/20/2021
Consumer AP/Extender DRA-2060 A1 Non-US Under Development Pending Release 04/20/2021
Consumer Mesh COVR-1100 A1 Non-US  Under Development Pending Release 04/20/2021
Consumer Mesh COVR-X1870 A1 Non-US Not Affected Closed 04/20/2021
Consumer Router DIR-1260 A1 US Under Development Pending Release 04/20/2021
Consumer Router DIR-1260 R1 Non-US Under Development Pending Release 04/20/2021
Consumer Router DIR-1360 A1 US Under Development Pending Release 04/20/2021
Consumer Router DIR-1750 A1 US Under Development Pending Release 04/20/2021
Consumer Router DIR-1760 A1 Non-US Under Development Pending Release 04/20/2021
Consumer Router DIR-1950 A1 US Under Development Pending Release 04/20/2021
Consumer Router DIR-1960 A1 US Under Development Pending Release 04/20/2021
Consumer Router DIR-2055 A1 Non-US Under Development Pending Release 04/20/2021
Consumer Router DIR-2150 A1 Non-US Under Development Pending Release 04/20/2021
Consumer Router DIR-2150 R1 Non-US Under Development Pending Release 04/20/2021
Consumer Router DIR-2640 A1 US Under Development Pending Release 04/20/2021
Consumer Router DIR-2660 A1 US Under Development Pending Release 04/20/2021
Consumer Router DIR-3040 A1 US Under Development Pending Release 04/20/2021
Consumer Router DIR-3060 A1 US Under Development Pending Release 04/20/2021
Consumer Router DIR-615 X1 Non-US  Under Development Pending Release 04/20/2021
Consumer Router DIR-821v2 A1 Non-US Under Development Pending Release 04/20/2021
Consumer Router DIR-822 E1 Non-US  Under Development Pending Release 04/20/2021
Consumer Router DIR-822 C1 US Under Development Pending Release 04/20/2021
Consumer Router DIR-822v2 A1 US Under Development Pending Release 04/20/2021
Consumer Router DIR-825 I1 Non-US  Under Development Pending Release 04/20/2021
Consumer Router DIR-842      C1 US Under Development Pending Release 04/20/2021
Consumer Router DIR-853 A1 Non-US Under Development Pending Release 04/20/2021
Consumer Router DIR-853 A2 Non-US Under Development Pending Release 04/20/2021
Consumer Router DIR-853 A3 Non-US Under Development Pending Release 04/20/2021
Consumer Router DIR-867 A1 US Under Development Pending Release 04/20/2021
Consumer Router DIR-878 A1 US Under Development Pending Release 04/20/2021
Consumer Router DIR-882 A1 US Under Development Pending Release 04/20/2021
Consumer Router DIR-LX1870 A1 US Not Affected Closed 04/20/2021
Consumer Router DIR-X1560 A1 US Not Affected Closed 04/20/2021
Consumer Router DIR-X1860       A1 Non-US  Under Development Pending Release 04/20/2021
Consumer Router DIR-X1870 A1 US Not Affected Closed 04/20/2021
Consumer Router DIR-X5460 A1 US  Not Affected Closed 04/20/2021
Consumer Router DIR-X6060 A1 Non-US Under Development Pending Release 04/20/2021
Mobile Router DWM-222 A1 Non-US  Under Development Pending Release 04/20/2021
Mobile Router DWM-222 A2 Non-US Under Development Pending Release 04/20/2021
Mobile Router DWR-2101 A1 Non-US Under Development Pending Release 04/20/2021
Mobile Router DWR-910 D1 Non-US Under Development Pending Release 04/20/2021
Mobile Router DWR-920 A1 Non-US Under Development Pending Release 04/20/2021
Mobile Router DWR-932 D3 Non-US Under Development Pending Release 04/20/2021
Mobile Router DWR-932 F1 Non-US Under Development Pending Release 04/20/2021
Mobile Router DWR-933 B1 US Under Development Pending Release 04/20/2021
Mobile Router DWR-933 B1 Non-US Under Development Pending Release 04/20/2021
Mobile Router DWR-953 B1 Non-US Under Development Pending Release 04/20/2021
Mobile Router DWR-953V2 A1 Non-US Under Development Pending Release 04/20/2021
Mobile Router DWR-956 C1 Non-US Under Development Pending Release 04/20/2021
Mobile Router DWR-960 B1 Non-US  Under Development Pending Release 04/20/2021
Mobile Router DWR-961 E1 Non-US  Under Development Pending Release 04/20/2021
Mobile Router DWR-961 D1 US  Under Development Pending Release 04/20/2021
Mobile Router DWR-972 A1 Non-US Under Development Pending Release 04/20/2021
Mobile Router DWR-978 A1 Non-US Under Development Pending Release 04/20/2021
Mobile Router DWR-M921 A1 Non-US Under Development Pending Release 04/20/2021
Mobile Router DWR-M953 A1 Non-US Under Development Pending Release 04/20/2021

xDSL Gateway

DSL-6740C

A2

Non-US Under Development Pending Release 04/20/2021
xDSL Gateway DSL-7740C

A1

Non-US Under Development Pending Release 04/20/2021
xDSL Gateway DAS-3626 A1 Non-US Not Affected

Closed

04/20/2021
xDSL Gateway DSL-224 T1 Non-US Not Affected Closed 04/20/2021
xDSL Gateway DSL-2740U V2 Non-US Not Affected Closed 04/20/2021
xDSL Gateway DSL-2750U W1 Non-US Not Affected Closed 04/20/2021
xDSL Gateway DSL-G225 T2 Non-US Not Affected Closed 04/20/2021
xDSL Gateway DSL-2750U V2 Non-US Not Affected Closed 04/20/2021
xDSL Gateway DSL-2750E W1 Non-US Not Affected Closed 04/20/2021
xDSL Gateway DSL-2790U V1 Non-US Not Affected Closed 04/20/2021
xDSL Gateway DSL-2878 U1 Non-US Not Affected Closed 04/20/2021
xDSL Gateway DSL-2878 V1 Non-US Not Affected Closed 04/20/2021
xDSL Gateway DSL-3785 B1 Non-US Not Affected Closed 04/20/2021
xDSL Gateway DSL-3788 B2 Non-US Not Affected Closed 04/20/2021
xDSL Gateway DVA-6800Z A1 Non-US Under Development Pending Release 04/20/2021
xDSL Gateway DSL-226 J1 Non-US Under Development Pending Release 04/20/2021
xDSL Gateway DVA-2800 T1 Non-US Under Development Pending Release 04/20/2021
xDSL Gateway DSL-2888A T1 Non-US Under Development Pending Release 04/20/2021
xDSL Gateway DSL-G2452DG T2 Non-US Under Development Pending Release 04/20/2021
xDSL Gateway DSL-G2562DG T1 Non-US Under Development Pending Release 04/20/2021
xDSL Gateway DSL-3890 A1 Non-US Under Development Pending Release 04/20/2021
xDSL Gateway DSL-3900 A1 Non-US Under Development Pending Release 04/20/2021
xDSL Gateway DPN-100 C1 Non-US Not Affected Closed 04/20/2021
xDSL Gateway DPN-101G R1 Non-US Under Development Pending Release 04/20/2021
xDSL Gateway DPN-1452DG J1 Non-US Under Development Pending Release 04/20/2021
xDSL Gateway DSL-124

R1

Non-US Not Affected Closed 04/20/2021
xDSL Gateway DSL-125 R1 Non-US Not Affected Closed 04/20/2021
 xDSL Gateway  DSL-2750U  R1  Non-US  Under Development Pending Release 04/20/2021
 xDSL Gateway DSL-2640U  R1  Non-US Under Development Pending Release 04/20/2021
 xDSL Gateway  DSL-2740U  R1  Non-US Under Development Pending Release 04/20/2021
xDSL Gateway  DSL-224  R1  Non-US Under Development  Pending Release  04/20/2021
xDSL Gateway  DSL-224  R1  Non-US -  - 04/20/2021
xDSL Gateway DSL-G2452GR R1  Non-US Under Development  Pending Release 04/20/2021
xDSL Gateway DSL-245GR R1  Non-US Under Development  Pending Release 04/20/2021
xDSL Gateway DVG-5402G R1  Non-US Under Development  Pending Release 04/20/2021
xDSL Gateway DSL-G2452GE R1  Non-US Under Development  Pending Release 04/20/2021
xDSL Gateway DSL-245GE R1  Non-US Under Development  Pending Release 04/20/2021
xDSL Gateway DVG-3452GE R1  Non-US Under Development  Pending Release 04/20/2021
xDSL Gateway DSL-G2452GE S1 Non-US Under Development  Pending Release 04/20/2021
xDSL Gateway DSL-225 R1 Non-US Under Development Pending Release 04/20/2021
xDSL Gateway DSL-226 R1 Non-US Under Development Pending Release 04/20/2021
xDSL Gateway DSL-225 J1 Non-US Not Affected Closed 04/20/2021
xDSL Gateway DSL-2750U J1 Non-US Not Affected Closed 04/20/2021
xDSL Gateway DSL-2790U J1 Non-US Not Affected Closed 04/20/2021
xDSL Gateway DSL-G225 J1 Non-US Not Affected Closed 04/20/2021
xDSL Gateway DSL-2252 J1 Non-US Not Affected Closed 04/20/2021
xDSL Gateway DSL-X1852E R1 Non-US Under Development Pending Release 04/20/2021

 

 

 

Regarding the Security patch for your D-Link Devices

  

Firmware updates address the security vulnerabilities in affected D-Link devices. D-Link will update this continually, and we strongly recommend all users to install the relevant updates.

 

Please note that this is a device beta software, beta firmware, or hot-fix release which is still undergoing final testing before its official release. The beta software, beta firmware, or hot-fix is provided on an "as is" and "as available" basis, and the user assumes all risk and liability for use thereof. D-Link does not offer any warranties, whether express or implied, as to the beta firmware's suitability or usability. D-Link will not be liable for any loss, whether such loss is direct, indirect, special, or consequential, suffered by any party due to their use of the beta firmware.

 

As there are different hardware revisions on our products, please check this on your device before downloading the correct corresponding firmware update. The hardware revision information can usually be found on the product label on the product's underside next to the serial number. Alternatively, they can also be found on the device web configuration.

 

--