cancel
Showing results for 
Search instead for 
Did you mean: 

Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

Vladimir1
I Plan to Stick Around

I had no network security problems during the past several years using Ignite30 internet service. Avast antivirus was running on two my Windows PC and never detected an issue with my home network. There were no Avast updates during the past few weeks. On January 11, 2019, I upgraded my internet service to Ignite500 and had to replace my old Hitron modem with the brand new one Hitron CODA4582. When I ran antivirus just after the upgrade no network security problems were detected. However, starting January 14 Avast started indicating this home network security problem:

 

DNS: Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491.

 

Risks

Attackers can abuse this vulnerability to disrupt  normal functions of this device and make it unresponsive.

Attackers can execute their own code on this device.

Type:                       DNS

Port:                        53

Vulnerability ID:    CVE-2017-14491

 

You may google this ID to get more details about this critical security issue.

 

Any attempts to reboot Hitron modem, reset to the factory settings, replace it with the new one and even installing the latest version of Avast antivirus on both Windows PCs did not help. All modem settings were verified by Rogers' technical support and they were all OK.

 

Please help to resolve this problem that was detected first time by Google security team back in September 2017.

 

BTW, a new security patch in modems' firmware was created and released by Red Hat in October 2017. The latest version of Hitron CODA-4582U modem firmware presumably should have it.

 

Thank you.

 

*Added Labels*

10 REPLIES 10

Re: Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

RogersMoin
Moderator
Moderator

Hello, @Vladimir1.

 

Welcome to the Rogers Community Forums! 🙂

 

Thank you for posting the vulnerability flagged by your AV software in the Community. In the past we have briefly discussed this matter, since then it didn't surface back until now. 

 

Have you made any changes to the DNS servers on the modem? 

 

We can look into deploying the latest firmware to your modem. If your modem is not running 2.0.10.36T6; please send us a private message @CommunityHelpsYou can find details about our private messaging in this blog.

 

Please provide the Avast AV software version and also please state if it's a free or paid version. 

 

Community - anybody else running Avast getting this warning?

 

Cheers,

RogersMoin

 

 

 

 

Re: Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

Vladimir1
I Plan to Stick Around

Hi RogersMoin,

 

Thank you for a prompt response. Please read my answers below.

 

I did not make any changes to the DNS servers on the first and the second (current) Hitron CODA-4582U modem. Just executed a simple setup. Both modems use original factory settings. I don't know what is the firmware version on them. Avast does not show it, however, it can be determined by Rogers technician.

 

I installed the latest free version 19.1.2360 of Avast on my Windows 10 desktop. My old HP laptop with Windows XP runs free version 18.8.2356 installed in November 2018. There were no further AV updates for it.

Both AV versions report the same modem vulnerability problem and no problems on each PCs. Both machines are connected directly via a cable to the modem.

 

To exclude any related software/OS/antivirus influence on the network security I brought my laptop to the closest Toronto Public library branch and connected it to a free Wifi there. Avast reported NO ISSUES with the network/modem there except network encryption (which is expected).

 

This simple test points to Hitron modem at home as a root. Please review.

Re: Unstable 500u internet

Vladimir1
I Plan to Stick Around

Hi,

Unfortunately, the latest modem firmware update did not resolve this issue. Thank you.

Re: Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

Vladimir1
I Plan to Stick Around

Hi RogersMoin,

 

My Hitron CODA-4582U modem has the latest firmware installed on January 17, 2019. However, I found that even this firmware uses the old dnsmasq version 2.75 (dated July 2015).

 

As per Red Hat recommendation to fix this critical DNS vulnerability issue dnsmasq 2.78 (available from October 2017) or higher versions (e.g. the latest currently available 2.80) must be used.

 

It means that all Rogers Hitron CODA-4285 modems and possibly some others are vulnerable to attacks and all networks using them are at risk until dnsmasq will be upgraded.  

Re: Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

Driver8666
I've Been Here Awhile

I've got the Technicolor XB6 and Avast has never told me of this issue. Probably never will either. And yes I'm on the Ignite 500 plan.

Re: Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

Vladimir1
I Plan to Stick Around

There are at least two reasons why your Avast has never told of this issue. For example:

 

1. Avast antivirus versions for Windows and mobile devices are different. Avast for mobile devices does not have WiFi Inspector to check modem security. Therefore, this Avast version will not complain,  even if there is a modem security issue.

 

Avast mobile runs on my two Samsung tablets and smartphone. it also does not see any issue on my Hitron CODA-4582 modem and does not complain. 

 

2 Your modem is not from Hitron and uses a different firmware which in turn may run dnsmasq version 2.78 or higher. So, Avast will not complain about CVE-2017-14491 if it is a case  

Re: Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

Driver8666
I've Been Here Awhile

When it was set up I know Avast thought the network was "Public" but sliding that over to "Private" fixed that issue.

Re: Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

Vladimir1
I Plan to Stick Around

I am not sure what issue you've mentioned in your latest reply. Please clarify.

 

My home network is private from the moment it was set up. It is PRIVATE from Avast perspective too. 

 

Avast detects the vulnerability ID: CVE-2017-14491 on the router CODA-4582U connecting Rogers network to my home one. The connection from the router to all PCs within my home network is OK. There is no vulnerability there.

 

Avast checks, if the appropriate version of dnsmasq is used by the firmware on each router and other communication devices within a home network.

 

This vulnerability will stay (irrespectively of Avast setting) your until Rogers would inform Hitron and request to update CODA-4582 firmware to use the currently available dnsmasq 2.80. 

 

RogersMoin will inform when it will be done. 

Re: Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

Vladimir1
I Plan to Stick Around

Just FYI. The CVE-2017-14491 was discovered with various models of Netgear modems/routers sometime in March 2018. Please read the blogs from Netgear community, as well as when it was resolved after this manufacturer updated their firmware to use dnsmasq V2.78 or higher version around August 2018.

 

https://community.netgear.com/t5/Nighthawk-WiFi-Routers/Avast-Vulnerability-Catalogue-ID-CVE-2017-14...

Re: Avast antivirus detects DNS:Device is vulnerable to attacks - vulnerability ID: CVE-2017-14491

Vladimir1
I Plan to Stick Around

In addition to the "rusty" or broken hardware (cables, splitters, contacts and other devices) the security flaws are other roots that are responsible for network erratic behaviour.

 

Currently, Hitron CODA-4582 modem used for Rogers Ignite services runs the very old DNS software package - dnsmasq V2.75. It makes all these modems vulnerable to at least following seven security issues:

 

CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496 and CVE-2017-13704.

 

Last three bugs CVE-2017-14495, CVE-2017-14496 and CVE-2017-13704 can lead to denial-of-service (DoS) attacks caused by invalid boundary checks, bug collision, and a coding issue.

 

DoS attacks, including its Distributed (DDoS) and other variations, may lead to significant network slowdown, intermittent connectivity losses and many other unpredictable awkward problems.

 

Unfortunately, time-to-time any network may become a DoS target. These attacks may last from seconds to many hours and may be repeated time-to-time.

 

Hopefully, whenever Hitron will update its CODA-4582 firmware with the latest dnsmasq V2.80 (or higher by the time when it would happen) software most of the problems mentioned in this and other posts will be put to rest.

 

Network hardening including the use of strong passwords, timely software/firmware updates on all levels. may mitigate to some degree the security issues causing the network errors. 

 

Another place to look is computers' hardware (CPU, memory, network card speed, etc.) and its software (e.g. antivirus programs). Usually, their combination, as well as the number of active devices on the home network cause more predictable and quite stable lower than expected internet speed. 

 

  

Topic Stats
  • 10 replies
  • 2477 views
  • 3 Likes
  • 3 in conversation