Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

Need Help?

That's what we're here for! The goal of the Rogers Community is to help you find answers on everything Rogers. Can't find what you're looking for? Just ask!
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
I Plan to Stick Around
Posts: 12

Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

I had no network security problems during the past several years using Ignite30 internet service. Avast antivirus was running on two my Windows PC and never detected an issue with my home network. There were no Avast updates during the past few weeks. On January 11, 2019, I upgraded my internet service to Ignite500 and had to replace my old Hitron modem with the brand new one Hitron CODA4582. When I ran antivirus just after the upgrade no network security problems were detected. However, starting January 14 Avast started indicating this home network security problem:

 

DNS: Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491.

 

Risks

Attackers can abuse this vulnerability to disrupt  normal functions of this device and make it unresponsive.

Attackers can execute their own code on this device.

Type:                       DNS

Port:                        53

Vulnerability ID:    CVE-2017-14491

 

You may google this ID to get more details about this critical security issue.

 

Any attempts to reboot Hitron modem, reset to the factory settings, replace it with the new one and even installing the latest version of Avast antivirus on both Windows PCs did not help. All modem settings were verified by Rogers' technical support and they were all OK.

 

Please help to resolve this problem that was detected first time by Google security team back in September 2017.

 

BTW, a new security patch in modems' firmware was created and released by Red Hat in October 2017. The latest version of Hitron CODA-4582U modem firmware presumably should have it.

 

Thank you.

 

*Added Labels*

Highlighted
Moderator
Moderator
Posts: 1,541

Re: Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

Hello, @Vladimir1.

 

Welcome to the Rogers Community Forums! 🙂

 

Thank you for posting the vulnerability flagged by your AV software in the Community. In the past we have briefly discussed this matter, since then it didn't surface back until now. 

 

Have you made any changes to the DNS servers on the modem? 

 

We can look into deploying the latest firmware to your modem. If your modem is not running 2.0.10.36T6; please send us a private message @CommunityHelpsYou can find details about our private messaging in this blog.

 

Please provide the Avast AV software version and also please state if it's a free or paid version. 

 

Community - anybody else running Avast getting this warning?

 

Cheers,

RogersMoin

 

 

 

 

I Plan to Stick Around
Posts: 12

Re: Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

Hi RogersMoin,

 

Thank you for a prompt response. Please read my answers below.

 

I did not make any changes to the DNS servers on the first and the second (current) Hitron CODA-4582U modem. Just executed a simple setup. Both modems use original factory settings. I don't know what is the firmware version on them. Avast does not show it, however, it can be determined by Rogers technician.

 

I installed the latest free version 19.1.2360 of Avast on my Windows 10 desktop. My old HP laptop with Windows XP runs free version 18.8.2356 installed in November 2018. There were no further AV updates for it.

Both AV versions report the same modem vulnerability problem and no problems on each PCs. Both machines are connected directly via a cable to the modem.

 

To exclude any related software/OS/antivirus influence on the network security I brought my laptop to the closest Toronto Public library branch and connected it to a free Wifi there. Avast reported NO ISSUES with the network/modem there except network encryption (which is expected).

 

This simple test points to Hitron modem at home as a root. Please review.

I Plan to Stick Around
Posts: 12

Re: Unstable 500u internet

Hi,

Unfortunately, the latest modem firmware update did not resolve this issue. Thank you.

I Plan to Stick Around
Posts: 12

Re: Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

Hi RogersMoin,

 

My Hitron CODA-4582U modem has the latest firmware installed on January 17, 2019. However, I found that even this firmware uses the old dnsmasq version 2.75 (dated July 2015).

 

As per Red Hat recommendation to fix this critical DNS vulnerability issue dnsmasq 2.78 (available from October 2017) or higher versions (e.g. the latest currently available 2.80) must be used.

 

It means that all Rogers Hitron CODA-4285 modems and possibly some others are vulnerable to attacks and all networks using them are at risk until dnsmasq will be upgraded.  

I've Been Here Awhile
Posts: 4

Re: Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

I've got the Technicolor XB6 and Avast has never told me of this issue. Probably never will either. And yes I'm on the Ignite 500 plan.

I Plan to Stick Around
Posts: 12

Re: Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

There are at least two reasons why your Avast has never told of this issue. For example:

 

1. Avast antivirus versions for Windows and mobile devices are different. Avast for mobile devices does not have WiFi Inspector to check modem security. Therefore, this Avast version will not complain,  even if there is a modem security issue.

 

Avast mobile runs on my two Samsung tablets and smartphone. it also does not see any issue on my Hitron CODA-4582 modem and does not complain. 

 

2 Your modem is not from Hitron and uses a different firmware which in turn may run dnsmasq version 2.78 or higher. So, Avast will not complain about CVE-2017-14491 if it is a case  

I've Been Here Awhile
Posts: 4

Re: Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

When it was set up I know Avast thought the network was "Public" but sliding that over to "Private" fixed that issue.

I Plan to Stick Around
Posts: 12

Re: Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

I am not sure what issue you've mentioned in your latest reply. Please clarify.

 

My home network is private from the moment it was set up. It is PRIVATE from Avast perspective too. 

 

Avast detects the vulnerability ID: CVE-2017-14491 on the router CODA-4582U connecting Rogers network to my home one. The connection from the router to all PCs within my home network is OK. There is no vulnerability there.

 

Avast checks, if the appropriate version of dnsmasq is used by the firmware on each router and other communication devices within a home network.

 

This vulnerability will stay (irrespectively of Avast setting) your until Rogers would inform Hitron and request to update CODA-4582 firmware to use the currently available dnsmasq 2.80. 

 

RogersMoin will inform when it will be done. 

I Plan to Stick Around
Posts: 12

Re: Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

Just FYI. The CVE-2017-14491 was discovered with various models of Netgear modems/routers sometime in March 2018. Please read the blogs from Netgear community, as well as when it was resolved after this manufacturer updated their firmware to use dnsmasq V2.78 or higher version around August 2018.

 

https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Avast-Vulnerability-Catalogue-ID-CVE-2017-14...