VR600 Issues To Resolve Requiring New FW
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
VR600 Issues To Resolve Requiring New FW
Posts: 54
Helpful: 7
Solutions: 0
Stories: 0
Registered: 2018-04-02
VR600 Issues To Resolve Requiring New FW
2018-04-02 18:09:26
Tags:
Model :
Hardware Version :
Firmware Version :
ISP :
This is my first post and it deals with two Avast linked issues that may or may not be critical or even valid,
Issue 1
This one has resolved itself after the second issue showed up,
On the USB media server the wifi scan would always say that a default username and password was active, i.e Admin Admin no matter if you used a new name and password outside of the one set for the router, possibly a glitch as the router has no name when setting up only a password, this applies whether you have USB sharing enabled or not, no matter how strong the password is or the name of the server you choose,
Issue 2
This one is more important imo, there is now a wifi report that the Dnsmsq is out of date (this is true because holes were patched in 2017) around September time, this isn't linked simply to TP-Link and there are reports from other router makes that show the same thing, BT Hub being one of them, BT support has said they are aware of it but are unable to exploit it in testing but will be doing an update this month according to the kind support guy on their forums,
The VR600 itself is imo a cracking router but it would be nice to see all routers get updated as and when risks are found, being as I've not seen any mention of it on this forum yet I felt the need to at least give TPL a heads up on this, and I repeat this isn't just a TPL issue, it's every router running a Dnsmsq version lower than 2.78 iirc,
I look forward to some support info once this has been seen and hopefully an updated FW to address both issues if they are indeed issues and not just Avast false positives,
If anyone reading wants to se more just Google Avast says Dnsmsq is vunerable on my router,
Thank you for your time reading.
Hardware Version :
Firmware Version :
ISP :
This is my first post and it deals with two Avast linked issues that may or may not be critical or even valid,
Issue 1
This one has resolved itself after the second issue showed up,
On the USB media server the wifi scan would always say that a default username and password was active, i.e Admin Admin no matter if you used a new name and password outside of the one set for the router, possibly a glitch as the router has no name when setting up only a password, this applies whether you have USB sharing enabled or not, no matter how strong the password is or the name of the server you choose,
Issue 2
This one is more important imo, there is now a wifi report that the Dnsmsq is out of date (this is true because holes were patched in 2017) around September time, this isn't linked simply to TP-Link and there are reports from other router makes that show the same thing, BT Hub being one of them, BT support has said they are aware of it but are unable to exploit it in testing but will be doing an update this month according to the kind support guy on their forums,
The VR600 itself is imo a cracking router but it would be nice to see all routers get updated as and when risks are found, being as I've not seen any mention of it on this forum yet I felt the need to at least give TPL a heads up on this, and I repeat this isn't just a TPL issue, it's every router running a Dnsmsq version lower than 2.78 iirc,
I look forward to some support info once this has been seen and hopefully an updated FW to address both issues if they are indeed issues and not just Avast false positives,
If anyone reading wants to se more just Google Avast says Dnsmsq is vunerable on my router,
Thank you for your time reading.
#1
Options
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Thread Manage
Announcement Manage
7 Reply
Posts: 54
Helpful: 7
Solutions: 0
Stories: 0
Registered: 2018-04-02
Re:VR600 Issues To Resolve Requiring New FW
2018-04-03 10:48:15
Sorry I left out some info,
The issue is listed as CVE-2017-14491.
Android devices used as a Wi-Fi hotspot can be also affected.
Consult your device's manual for instructions. If an update adressing the vulnerability issue is not available, contact your devices's vendor or manufacturer to provide an update as soon as possible.
Note:
As routers typically do not perform automatic updates, you need to manually download and install the appropriate patches on the device.
Done incorrectly, applying the latest firmware can make your router unusable. We recommend this method for advanced users or computer technicians only.
[COLOR=#FFFFFF]
We have identified the following problem with your router or Wi-Fi hotspot device:
Reference: CVE-2017-14491 | Google Security Blog
Description:
The affected device's DNS service is running an outdated version of the DnsMasq software which is known to have a heap buffer overflow vulnerability. A remote attacker can gain control of your network device and your Internet connection by sending malformed DNS packets to the device. It allows the attacker to intercept connections and perform a traffic hijack, or execute arbitrary code with unrestricted privileges as well as access all important and private data stored on the device -- your device login/password combination, your Wi-Fi password, and your configuration data.
Impact:
Any device connected to your network, including computers, phones, tablets, printers, security cameras, or any other networked device in your home or office network, may have an increased risk of compromise.
Recommendation:
The issue was fixed in DnsMasq software version 2.78, released in October 2017.
To solve the vulnerability on your device, apply the firmware or system update that contains DnsMasq software version 2.78 or higher provided by your device's manufacturer.
If an update addressing the vulnerability is not yet available for your device, you can secure your router or Wi-Fi hotspot with a strong password to minimize risks imposed by the vulnerability. We also advise you not to visit suspicious websites or run software from questionable sources.
The issue is listed as CVE-2017-14491.
Description
[HR][/HR]Our scan found a vulnerability on your router or Wi-Fi hotspot device. Your device contains a problem that can be misused by cybercriminals to break into your network and compromise your security and privacy.Android devices used as a Wi-Fi hotspot can be also affected.
Solution
[HR][/HR]Some of the vulnerabilities may be patched in new versions of the device firmware or system update. Applying the latest firmware or system update may solve the issue.Consult your device's manual for instructions. If an update adressing the vulnerability issue is not available, contact your devices's vendor or manufacturer to provide an update as soon as possible.
Note:
As routers typically do not perform automatic updates, you need to manually download and install the appropriate patches on the device.
Done incorrectly, applying the latest firmware can make your router unusable. We recommend this method for advanced users or computer technicians only.
[COLOR=#FFFFFF]
Details
We have identified the following problem with your router or Wi-Fi hotspot device:
DnsMasq heap buffer overflow vulnerability
[HR][/HR]Severity: HighReference: CVE-2017-14491 | Google Security Blog
Description:
The affected device's DNS service is running an outdated version of the DnsMasq software which is known to have a heap buffer overflow vulnerability. A remote attacker can gain control of your network device and your Internet connection by sending malformed DNS packets to the device. It allows the attacker to intercept connections and perform a traffic hijack, or execute arbitrary code with unrestricted privileges as well as access all important and private data stored on the device -- your device login/password combination, your Wi-Fi password, and your configuration data.
Impact:
Any device connected to your network, including computers, phones, tablets, printers, security cameras, or any other networked device in your home or office network, may have an increased risk of compromise.
Recommendation:
The issue was fixed in DnsMasq software version 2.78, released in October 2017.
To solve the vulnerability on your device, apply the firmware or system update that contains DnsMasq software version 2.78 or higher provided by your device's manufacturer.
If an update addressing the vulnerability is not yet available for your device, you can secure your router or Wi-Fi hotspot with a strong password to minimize risks imposed by the vulnerability. We also advise you not to visit suspicious websites or run software from questionable sources.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#2
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 54
Helpful: 7
Solutions: 0
Stories: 0
Registered: 2018-04-02
Re:VR600 Issues To Resolve Requiring New FW
2018-04-09 18:39:16
This is a very important issue so could someone in the mod team please boot it up higher,
More findings are that the hole is still visible but a scan with Avast from a wifi connected device finds no issues based on the client being simply a client and not an admin device,
I realise there has been a festival recently and you may be a bit behind right now but this really needs addressing and even if you don't have a fix on hand right now some news to say you are working on it would be welcome, it's likely to be every router you offer so not just the VR600 and as I said it's not just TPL it's all the router manufacturer's with this issue that use Dnsmsq in their FW's.
Don't rush out to buy another router, they're all pretty well effected right now if they use Dnsmsq, some don't and they won't be at risk but the main ones you're likely to buy from the usual suspects are also at risk right now.
More findings are that the hole is still visible but a scan with Avast from a wifi connected device finds no issues based on the client being simply a client and not an admin device,
I realise there has been a festival recently and you may be a bit behind right now but this really needs addressing and even if you don't have a fix on hand right now some news to say you are working on it would be welcome, it's likely to be every router you offer so not just the VR600 and as I said it's not just TPL it's all the router manufacturer's with this issue that use Dnsmsq in their FW's.
Don't rush out to buy another router, they're all pretty well effected right now if they use Dnsmsq, some don't and they won't be at risk but the main ones you're likely to buy from the usual suspects are also at risk right now.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#3
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 54
Helpful: 7
Solutions: 0
Stories: 0
Registered: 2018-04-02
Re:VR600 Issues To Resolve Requiring New FW
2018-04-11 01:37:42
Ok that's two unboxed routers that I'll have returned, can't deal with deafness tbh and it's all too silent here for a support forum, the annoying thing is other than this lack or support the unit is actually very good.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#4
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 54
Helpful: 7
Solutions: 0
Stories: 0
Registered: 2018-04-02
Re:VR600 Issues To Resolve Requiring New FW
2018-04-11 01:45:29
One last try and sorry if the translation isn't good,
問題1
這一個人在第二個問題出現後就自行解決了,
在 USB 媒體伺服器上, wifi 掃描總是說預設使用者名和密碼是活動的, 我. 管理員管理員不管您在路由器的一組中使用了新名稱和密碼, 可能是由於路由器在設置 pas 時沒有名稱而出現故障。劍, 這適用于無論您是否啟用了 USB 共用, 無論密碼有多強或您選擇的伺服器的名稱如何,
問題2
這是一個更重要的海事組織, 現在有一個 wifi 報告說, Dnsmsq 是過時的 (這是真的, 因為漏洞是在2017年補丁) 大約9月時間, 這不是連結簡單的 TP 連結, 並有來自其他路由器的報告, 顯示相同的事情, bt 的樞紐是其中之一, bt 支援已經表示, 他們知道它, 但無法在測試中利用它, 但將在本月進行更新根據他們的論壇上的支援傢伙,
VR600 本身是一個破解路由器, 但它會很高興看到所有的路由器得到更新, 當風險被發現時, 因為我沒有看到任何提到它在這個論壇上, 但我覺得需要至少給 TPL 一個頭上這個, 我重複這不僅僅是一個 TPL 的問題, 它的每個路由器運行一個 Dnsmsq 版本低於 2.78 iirc,
我期待著一些支援資訊, 一旦看到這一點, 並希望一個更新的固件, 以解決這兩個問題, 如果他們確實是問題, 而不僅僅是 Avast 誤報,
如果任何閱讀的人想更多的只是谷歌 Avast 說 Dnsmsq 是 vunerable 在我的路由器上,
謝謝你的時間閱讀。
----------------------------
zhè shì wǒ de dì yī gè tiě zi , tā chǔ lǐ liǎng gè Avast 連結 de 問題, kě néng shì huò kě néng bú shì guān jiàn de , shèn zhì shì yǒu xiào de ,
問題1 zhè yí gè rén zài dì èr gè wèn tí chū xiàn hòu jiù zì xíng jiě jué le ,
zài USB méi tǐ sì fú qì shàng , wifi sǎo miáo zōng shì shuō yù shè shǐ yòng zhě míng hé mì mǎ shì huó dòng de , wǒ . guǎn lǐ yuán guǎn lǐ yuán bù guǎn nín zài lù yóu qì de yì zǔ zhōng shǐ yòng le xīn míng chēng hé mì mǎ , kě néng shì yóu yú lù yóu qì zài shè zhì pas shí méi yǒu míng chēng ér chū xiàn gù zhàng 。劍, zhè shì yòng yú wú lùn nín shì fǒu qǐ yòng le USB gòng yòng , wú lùn mì mǎ yǒu duō qiáng huò nín xuǎn zé de sì fú qì de míng chēng rú hé ,
問題2 zhè shì yí gè gèng zhòng yào de hǎi shì zǔ zhī , xiàn zài yǒu yí gè wifi bào gào shuì , Dnsmsq shì guò shí de (這 shì zhēn de , yīn wéi lòu dòng shì zài 2017 nián 補 dīng ) dà yuē 9 yuè 時間, zhè bú shì lián jié jiǎn dān de TP 連結, bìng yǒu lái zì qí tā lù yóu qì de bào gào , xiǎn shì xiāng tóng de shì qing , bt de shū niǔ shì qí zhōng zhī yī , bt zhī yuán yǐ jīng biǎo shì , tā 們 zhī dào tā , dàn wú fǎ zài cè shì zhōng lì yòng tā , dàn jiāng zài běn yuè jìn xíng gēng xīn gēn jù tā men de lùn tán shàng de zhī yuán jiā huo ,
VR600 běn shēn shì yí gè pò jiě lù yóu qì , dàn tā huì hěn gāo xìng kàn dào suǒ yǒu de lù yóu qì dé dào gēng xīn , dāng fēng xiǎn bèi fā xiàn shí , yīn wéi wǒ méi yǒu kàn dào rèn hé tí dào tā zài zhè ge lùn tán shàng , dàn wǒ jué de xū yào zhì shǎo gěi TPL yí gè tóu shàng zhè ge , wǒ chóng fù zhè bù jǐn jǐn shì yí gè TPL de 問題, tā de měi gè lù yóu qì yùn xíng yí gè Dnsmsq bǎn běn dī yú 2.78 iirc, wǒ qī dài zhe yì xiē zhī yuán zī xùn , yí dàn kàn dào zhè yì diǎn , bìng xī wàng yí gè gēng xīn de gù jiàn , yǐ jiě jué zhè liǎng gè wèn tí , rú guǒ tā men què shí shì wèn tí , ér bù jǐn jǐn shì Avast 誤報, rú guǒ rèn hé yuè dú de rén xiǎng gèng duō de zhǐ shì gǔ gē Avast shuì Dnsmsq shì vunerable zài wǒ de lù yóu qì shàng , xiè xiè nǐ de shí jiān yuè dòu。
問題1
這一個人在第二個問題出現後就自行解決了,
在 USB 媒體伺服器上, wifi 掃描總是說預設使用者名和密碼是活動的, 我. 管理員管理員不管您在路由器的一組中使用了新名稱和密碼, 可能是由於路由器在設置 pas 時沒有名稱而出現故障。劍, 這適用于無論您是否啟用了 USB 共用, 無論密碼有多強或您選擇的伺服器的名稱如何,
問題2
這是一個更重要的海事組織, 現在有一個 wifi 報告說, Dnsmsq 是過時的 (這是真的, 因為漏洞是在2017年補丁) 大約9月時間, 這不是連結簡單的 TP 連結, 並有來自其他路由器的報告, 顯示相同的事情, bt 的樞紐是其中之一, bt 支援已經表示, 他們知道它, 但無法在測試中利用它, 但將在本月進行更新根據他們的論壇上的支援傢伙,
VR600 本身是一個破解路由器, 但它會很高興看到所有的路由器得到更新, 當風險被發現時, 因為我沒有看到任何提到它在這個論壇上, 但我覺得需要至少給 TPL 一個頭上這個, 我重複這不僅僅是一個 TPL 的問題, 它的每個路由器運行一個 Dnsmsq 版本低於 2.78 iirc,
我期待著一些支援資訊, 一旦看到這一點, 並希望一個更新的固件, 以解決這兩個問題, 如果他們確實是問題, 而不僅僅是 Avast 誤報,
如果任何閱讀的人想更多的只是谷歌 Avast 說 Dnsmsq 是 vunerable 在我的路由器上,
謝謝你的時間閱讀。
----------------------------
zhè shì wǒ de dì yī gè tiě zi , tā chǔ lǐ liǎng gè Avast 連結 de 問題, kě néng shì huò kě néng bú shì guān jiàn de , shèn zhì shì yǒu xiào de ,
問題1 zhè yí gè rén zài dì èr gè wèn tí chū xiàn hòu jiù zì xíng jiě jué le ,
zài USB méi tǐ sì fú qì shàng , wifi sǎo miáo zōng shì shuō yù shè shǐ yòng zhě míng hé mì mǎ shì huó dòng de , wǒ . guǎn lǐ yuán guǎn lǐ yuán bù guǎn nín zài lù yóu qì de yì zǔ zhōng shǐ yòng le xīn míng chēng hé mì mǎ , kě néng shì yóu yú lù yóu qì zài shè zhì pas shí méi yǒu míng chēng ér chū xiàn gù zhàng 。劍, zhè shì yòng yú wú lùn nín shì fǒu qǐ yòng le USB gòng yòng , wú lùn mì mǎ yǒu duō qiáng huò nín xuǎn zé de sì fú qì de míng chēng rú hé ,
問題2 zhè shì yí gè gèng zhòng yào de hǎi shì zǔ zhī , xiàn zài yǒu yí gè wifi bào gào shuì , Dnsmsq shì guò shí de (這 shì zhēn de , yīn wéi lòu dòng shì zài 2017 nián 補 dīng ) dà yuē 9 yuè 時間, zhè bú shì lián jié jiǎn dān de TP 連結, bìng yǒu lái zì qí tā lù yóu qì de bào gào , xiǎn shì xiāng tóng de shì qing , bt de shū niǔ shì qí zhōng zhī yī , bt zhī yuán yǐ jīng biǎo shì , tā 們 zhī dào tā , dàn wú fǎ zài cè shì zhōng lì yòng tā , dàn jiāng zài běn yuè jìn xíng gēng xīn gēn jù tā men de lùn tán shàng de zhī yuán jiā huo ,
VR600 běn shēn shì yí gè pò jiě lù yóu qì , dàn tā huì hěn gāo xìng kàn dào suǒ yǒu de lù yóu qì dé dào gēng xīn , dāng fēng xiǎn bèi fā xiàn shí , yīn wéi wǒ méi yǒu kàn dào rèn hé tí dào tā zài zhè ge lùn tán shàng , dàn wǒ jué de xū yào zhì shǎo gěi TPL yí gè tóu shàng zhè ge , wǒ chóng fù zhè bù jǐn jǐn shì yí gè TPL de 問題, tā de měi gè lù yóu qì yùn xíng yí gè Dnsmsq bǎn běn dī yú 2.78 iirc, wǒ qī dài zhe yì xiē zhī yuán zī xùn , yí dàn kàn dào zhè yì diǎn , bìng xī wàng yí gè gēng xīn de gù jiàn , yǐ jiě jué zhè liǎng gè wèn tí , rú guǒ tā men què shí shì wèn tí , ér bù jǐn jǐn shì Avast 誤報, rú guǒ rèn hé yuè dú de rén xiǎng gèng duō de zhǐ shì gǔ gē Avast shuì Dnsmsq shì vunerable zài wǒ de lù yóu qì shàng , xiè xiè nǐ de shí jiān yuè dòu。
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#5
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 54
Helpful: 7
Solutions: 0
Stories: 0
Registered: 2018-04-02
Re:VR600 Issues To Resolve Requiring New FW
2018-04-11 01:47:53
該問題被列為 CVE-2017-14491。
我們的掃描在您的路由器或 wi-fi 熱點設備上發現了一個漏洞。您的設備包含一個問題, 可能被犯罪分子誤用, 闖入您的網路並危及您的安全和隱私。
作為 wi-fi 熱點的 Android 設備也會受到影響。
有關說明, 請參閱設備手冊。如果 adressing 漏洞問題的更新不可用, 請與設備的供應商或製造商聯繫, 以便儘快提供更新。
注意:
由於路由器通常不執行自動更新, 因此需要手動下載並在設備上安裝相應的修補程式。
操作不正確, 應用最新的固件可能會使路由器無法使用。我們只向高級使用者或電腦技術人員推薦此方法。
詳細資訊 [/小時]
嚴重性: 高
參考: CVE-2017-14491 |谷歌安全博客
描述:
受影響的設備的 DNS 服務正在運行一個過時版本的 DnsMasq 軟體, 已知有堆緩衝區溢位漏洞。遠端攻擊者可以通過向設備發送格式錯誤的 DNS 資料包來獲取對網路設備和 Internet 連接的控制。它允許攻擊者攔截連接並執行通信劫持, 或者使用無限制的許可權執行任意代碼, 以及訪問存儲在設備上的所有重要和私有資料--您的設備登錄/密碼組合, 您的 wi-fi密碼和配置資料。
影響:
任何連接到網路的設備, 包括電腦、電話、平板電腦、印表機、安全攝像頭或家庭或辦公室網路中的任何其他網路設備, 都可能
--------------------------------------
gāi wèn tí bèi liè wéi CVE-2017-14491。
yǒu 關說 míng , qǐng cān yuè shè bèi shǒu cè 。 rú guǒ adressing lòu dòng wèn tí de gēng xīn bù kě yòng , qǐng yǔ shè bèi de gōng yìng shāng huò zhì zào shāng lián jì , yǐ biàn jǐn kuài tí gòng gēng xīn 。
zhù yì : yóu yú lù yóu qì tōng cháng bù zhí xíng zì dòng gēng xīn , yīn cǐ xū yào shǒu dòng xià zǎi bìng zài shè bèi shàng ān zhuāng xiāng yìng de xiū bǔ chéng shì 。
cāo zuò bù zhèng 確, yìng yòng zuì xīn de gù jiàn kě néng huì shǐ lù yóu qì wú fǎ shǐ yòng 。 wǒ men zhǐ xiàng gāo jí shǐ yòng zhě huò diàn nǎo jì shù rén yuán tuī jiàn cǐ fāng fǎ 。
xiáng xì zī xùn [/ xiǎo 時] wǒ men yǐ què dìng nín de lù yóu qì huò wi-fi rè diǎn shè bèi cún zài yǐ xià wèn tí :
yán zhòng xìng : gāo cān kǎo |: CVE-2017-14491 | gǔ gē ān quán bó kè miáo shù : shòu yǐng xiǎng de shè bèi de DNS fú wù zhèng zài yùn xíng yí gè guò shí bǎn běn de DnsMasq 軟體, yǐ zhī yǒu duī huǎn chōng qū yì wèi lòu dòng 。 yuǎn duān gōng jī zhě kě yǐ tōng guò xiàng shè bèi fā sòng gé shì cuò wù de DNS zī liào bāo lái huò qǔ duì wǎng lù shè bèi hé Internet 連 jiē de kòng zhì 。 tā yǔn xǔ gōng jī zhě lán jié lián jiē bìng zhí xíng tōng xìn jié chí , huò zhě shǐ yòng wú xiàn zhì de xǔ kě quán zhí xíng rèn yì dài mǎ , yǐ jí fǎng wèn cún chǔ zài shè bèi shàng de suǒ yǒu zhòng yào hé sī yǒu zī liào -- nín de shè bèi dēng lù / mì 碼組 hé , nín de wi-fi mì mǎ hé pèi zhì zī liào 。
yǐng 響: rèn hé lián jiē dào wǎng lù de shè bèi , bāo kuò 電腦、 diàn huà 、 píng bǎn diàn nǎo 、 yìn biǎo jī 、 ān quán shè xiàng tóu huò jiā tíng huò bàn gōng shì wǎng lù zhōng de rèn hé qí tā wǎng lù shè bèi , dōu kě néng
說明
我們的掃描在您的路由器或 wi-fi 熱點設備上發現了一個漏洞。您的設備包含一個問題, 可能被犯罪分子誤用, 闖入您的網路並危及您的安全和隱私。
作為 wi-fi 熱點的 Android 設備也會受到影響。
解決方案
某些漏洞可能會在設備固件或系統更新的新版本中進行修補。應用最新的固件或系統更新可能會解決此問題。有關說明, 請參閱設備手冊。如果 adressing 漏洞問題的更新不可用, 請與設備的供應商或製造商聯繫, 以便儘快提供更新。
注意:
由於路由器通常不執行自動更新, 因此需要手動下載並在設備上安裝相應的修補程式。
操作不正確, 應用最新的固件可能會使路由器無法使用。我們只向高級使用者或電腦技術人員推薦此方法。
詳細資訊 [/小時]
我們已確定您的路由器或 wi-fi 熱點設備存在以下問題:
[h=3]DnsMasq 堆緩衝區溢位漏洞
嚴重性: 高
參考: CVE-2017-14491 |谷歌安全博客
描述:
受影響的設備的 DNS 服務正在運行一個過時版本的 DnsMasq 軟體, 已知有堆緩衝區溢位漏洞。遠端攻擊者可以通過向設備發送格式錯誤的 DNS 資料包來獲取對網路設備和 Internet 連接的控制。它允許攻擊者攔截連接並執行通信劫持, 或者使用無限制的許可權執行任意代碼, 以及訪問存儲在設備上的所有重要和私有資料--您的設備登錄/密碼組合, 您的 wi-fi密碼和配置資料。
影響:
任何連接到網路的設備, 包括電腦、電話、平板電腦、印表機、安全攝像頭或家庭或辦公室網路中的任何其他網路設備, 都可能
--------------------------------------
gāi wèn tí bèi liè wéi CVE-2017-14491。
shuì míng
wǒ men de sǎo miáo zài nín de lù yóu qì huò wi-fi rè diǎn shè bèi shàng fā xiàn le yī gè lòu dòng 。 nín de shè bèi bāo hán yí gè wèn tí , kě néng bèi fàn zuì fèn zi wù yòng , chuǎng rù nín de wǎng lù bìng wēi jí nín de ān quán hé yǐn sī 。 zuò wéi wi-fi rè diǎn de Android shè bèi yě huì shòu dào yǐng xiǎng 。jiě jué fāng àn
mǒu xiē lòu dòng kě néng huì zài shè bèi gù jiàn huò xì tǒng gēng xīn de xīn bǎn běn zhōng jìn xíng xiū bǔ 。 yìng yòng zuì xīn de gù jiàn huò xì tǒng gēng xīn kě néng huì jiě jué cǐ wèn tí 。yǒu 關說 míng , qǐng cān yuè shè bèi shǒu cè 。 rú guǒ adressing lòu dòng wèn tí de gēng xīn bù kě yòng , qǐng yǔ shè bèi de gōng yìng shāng huò zhì zào shāng lián jì , yǐ biàn jǐn kuài tí gòng gēng xīn 。
zhù yì : yóu yú lù yóu qì tōng cháng bù zhí xíng zì dòng gēng xīn , yīn cǐ xū yào shǒu dòng xià zǎi bìng zài shè bèi shàng ān zhuāng xiāng yìng de xiū bǔ chéng shì 。
cāo zuò bù zhèng 確, yìng yòng zuì xīn de gù jiàn kě néng huì shǐ lù yóu qì wú fǎ shǐ yòng 。 wǒ men zhǐ xiàng gāo jí shǐ yòng zhě huò diàn nǎo jì shù rén yuán tuī jiàn cǐ fāng fǎ 。
xiáng xì zī xùn [/ xiǎo 時] wǒ men yǐ què dìng nín de lù yóu qì huò wi-fi rè diǎn shè bèi cún zài yǐ xià wèn tí :
[h=3]DnsMasq duī huǎn chōng qū yì wèi lòu dòng
yán zhòng xìng : gāo cān kǎo |: CVE-2017-14491 | gǔ gē ān quán bó kè miáo shù : shòu yǐng xiǎng de shè bèi de DNS fú wù zhèng zài yùn xíng yí gè guò shí bǎn běn de DnsMasq 軟體, yǐ zhī yǒu duī huǎn chōng qū yì wèi lòu dòng 。 yuǎn duān gōng jī zhě kě yǐ tōng guò xiàng shè bèi fā sòng gé shì cuò wù de DNS zī liào bāo lái huò qǔ duì wǎng lù shè bèi hé Internet 連 jiē de kòng zhì 。 tā yǔn xǔ gōng jī zhě lán jié lián jiē bìng zhí xíng tōng xìn jié chí , huò zhě shǐ yòng wú xiàn zhì de xǔ kě quán zhí xíng rèn yì dài mǎ , yǐ jí fǎng wèn cún chǔ zài shè bèi shàng de suǒ yǒu zhòng yào hé sī yǒu zī liào -- nín de shè bèi dēng lù / mì 碼組 hé , nín de wi-fi mì mǎ hé pèi zhì zī liào 。
yǐng 響: rèn hé lián jiē dào wǎng lù de shè bèi , bāo kuò 電腦、 diàn huà 、 píng bǎn diàn nǎo 、 yìn biǎo jī 、 ān quán shè xiàng tóu huò jiā tíng huò bàn gōng shì wǎng lù zhōng de rèn hé qí tā wǎng lù shè bèi , dōu kě néng
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#6
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 54
Helpful: 7
Solutions: 0
Stories: 0
Registered: 2018-04-02
Re:VR600 Issues To Resolve Requiring New FW
2018-04-24 09:02:39
Well what to say!
Absolutely NO support whatsoever!
Plus points,
Routers are imo very good but like a car running on flat tyres thanks to the owner never bothering to do any checks on the car,
Today I find Asus released a new FW for a 5 year old unit to cover all the holes that every TPL device is vunerable to right now,
Sadly this trend continues across the range and most products still have FW from 2016 and beyond, no way to run a business and especially if you actually have good products like TPL appear to make, no support kills it though and you've lost me over this now, I'll hammer on as best I can by using the security features in the unit but once I see a newish unit from a vendor who I can see actively supports it's products and helplines I'll be changing team,
I don't expect any replies as I've not had any so far but for those reading be aware that there have been many holes found since 2016 and TPL seems reluctant to do anything to keep us as safe as it possibly can, anyway I must nip out I'm buying a new car with this no braking feature, it saves a fortune on pads and discs and according to the manual everything will be ok as long as I ensure I leave enough time to poke my feet through the floor when I need to stop etc, I wasn't too sure about the zero liability bit in the terms and cons but what could possibly go wrong as I always wear timberland boots with heavy duty blakeys in the heels :(
Absolutely NO support whatsoever!
Plus points,
Routers are imo very good but like a car running on flat tyres thanks to the owner never bothering to do any checks on the car,
Today I find Asus released a new FW for a 5 year old unit to cover all the holes that every TPL device is vunerable to right now,
Sadly this trend continues across the range and most products still have FW from 2016 and beyond, no way to run a business and especially if you actually have good products like TPL appear to make, no support kills it though and you've lost me over this now, I'll hammer on as best I can by using the security features in the unit but once I see a newish unit from a vendor who I can see actively supports it's products and helplines I'll be changing team,
I don't expect any replies as I've not had any so far but for those reading be aware that there have been many holes found since 2016 and TPL seems reluctant to do anything to keep us as safe as it possibly can, anyway I must nip out I'm buying a new car with this no braking feature, it saves a fortune on pads and discs and according to the manual everything will be ok as long as I ensure I leave enough time to poke my feet through the floor when I need to stop etc, I wasn't too sure about the zero liability bit in the terms and cons but what could possibly go wrong as I always wear timberland boots with heavy duty blakeys in the heels :(
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#7
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 2
Helpful: 0
Solutions: 0
Stories: 0
Registered: 2018-07-15
Re:VR600 Issues To Resolve Requiring New FW
2018-07-15 14:02:57
Really - then I've wasted my time not only joining this forum but also buying a TP Link ArcherVR600 because the modem from Telstra free for going over to the NBN in Australia and my Avast free said exact same thing. And I am Lamb Chop on Telstra's community forum. So feel completely dudded. I asked around and got told TP link routers were able to be updated manually by owner using it. And thought OK that's for me.
I've opened the box and the directions as to set it up for a Senior like myself are not clear at all. As usual think you are above average user and know technicalities. Like no labelling on any of the cables or even a diagram to show which box of cables etc to use for which port or place on modem. I did get hubbie to put the antenna in as beat me - being female he said.
Also just had both cararacts surgery and cant read small print until time has passed and eyes ready for prescription lenses they say. Doesnt help setting up.
If anyone knows where I can go for a set up for this router T Link Archer VR600 for dummies please message me or email or whatever is allowed here.
Thanks. And Hannabal same as you may have been there seemingly.
BTW Telstra experts told me just after ordered and paid for this router - not to take any notice of Avast as false positives or some such. But I do my banking on here and dont want to log on and find nil balance.
I've opened the box and the directions as to set it up for a Senior like myself are not clear at all. As usual think you are above average user and know technicalities. Like no labelling on any of the cables or even a diagram to show which box of cables etc to use for which port or place on modem. I did get hubbie to put the antenna in as beat me - being female he said.
Also just had both cararacts surgery and cant read small print until time has passed and eyes ready for prescription lenses they say. Doesnt help setting up.
If anyone knows where I can go for a set up for this router T Link Archer VR600 for dummies please message me or email or whatever is allowed here.
Thanks. And Hannabal same as you may have been there seemingly.
BTW Telstra experts told me just after ordered and paid for this router - not to take any notice of Avast as false positives or some such. But I do my banking on here and dont want to log on and find nil balance.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
0
We appreciate your feedback. Feel free to let us know more. Log in to submit feedback.
#8
Options
- Copy Link
- Report Inappropriate Content
Thread Manage
Announcement Manage
Posts: 54
Helpful: 7
Solutions: 0
Stories: 0
Registered: 2018-04-02
Information
Helpful: 0
Views: 805
Replies: 7
Voters 0
No one has voted for it yet.
Tags
Related Articles
VR600 200701 FW Issues
1072
1
Archer VR600 issues
506
0
Archer vr600 issues
1379
0
Archer VR600 issues
1572
0
Report Inappropriate Content
Transfer Module
New message