Dnsmasq used by Peplink? Software has 7 known flaws


#1

Does Peplink use dnsmasq for either DNS or DHCP? I ask because it recently came to light that the software has 7 known flaws. I ran nmap UDP version detection on a 7.0.1 Surf SOHO

nmap -sU -p 53-53 -T4 -A -v [LANIP]

and got this

PORT STATE SERVICE VERSION
53/udp open domain ZyXEL P-660HW-D1 wireless ADSL router dnsd
|_dns-recursion: Recursion appears to be enabled
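
A more direct check than an nmap fingerprint match is to ask the resolver for its `version.bind` CHAOS TXT banner, which a stock dnsmasq build answers with a `dnsmasq-<version>` string. This is an added example, not part of any post in this thread; the function names are hypothetical and the sample reply with its `X.YZ` version string is constructed.

```python
import socket
import struct

def build_version_bind_query(txid=0x1234):
    """DNS query for version.bind, type TXT (16), class CHAOS (3)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + b"\x07version\x04bind\x00" + struct.pack("!HH", 16, 3)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)  # 2-byte pointer or 1-byte root label

def parse_txt_banner(msg, txid=0x1234):
    """Return the first TXT string of the answer section, else None."""
    try:
        rid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
        if rid != txid or not flags & 0x8000 or flags & 0x000F:
            return None  # wrong id, not a response, or error rcode
        off = 12
        for _ in range(qd):
            off = _skip_name(msg, off) + 4  # QTYPE + QCLASS
        for _ in range(an):
            off = _skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype == 16 and rdlen > 0:
                return msg[off + 1:off + 1 + msg[off]].decode("ascii", "replace")
            off += rdlen
    except (IndexError, struct.error):
        pass  # truncated or malformed packet
    return None

def query_banner(host, timeout=2.0):
    """Ask a resolver you administer; None on timeout, refusal or no answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_version_bind_query(), (host, 53))
            return parse_txt_banner(s.recv(512))
        except OSError:
            return None

# Constructed reply (not captured from any device), placeholder version string.
SAMPLE_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0)
                + build_version_bind_query()[12:] + b"\xc0\x0c"
                + struct.pack("!HHIH", 16, 3, 0, 13) + b"\x0cdnsmasq-X.YZ")
```

A `None` result does not rule out dnsmasq: a vendor build can suppress the banner, and a forwarder may pass the query upstream, so the vendor's statement remains the authoritative answer.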


#2

Hi Michael, how about temporarily enabling the CLI or ssh on the Pepwave, logging in with your administrator username and password, and running TOP to see?

God bless

Tereza


#3

Hi Michael, I’ve just updated to 7.02 last night and have run a similar NMAP scan with differing results:

PORT STATE SERVICE VERSION
53/udp open|filtered domain
MAC Address: 00:00:00:00:00:00 (PePWave)
Too many fingerprints match this host to give specific OS details

So the Pepwave is certainly disguising itself better but it doesn’t answer your question really, but I’d definitely upgrade the firmware as a start.


#4

Tried SSH into router for the first time. It does not like my password. My guess is that some special characters are not allowed. Will have to ask. …


#5

Or of course password length/spaces? You could always try the user account and simplify its password as a test. Wouldn’t get you TOP at a root level but would let you know if password complexity is the issue :)

Also, just a thought; have you changed the ssh port you’ve set it to listen on? If you leave the CLI open it’s not a bad idea to alter the ssh port from the stock 22 - at least an initial attempt by a hacker (pre any port scan which you might detect) will suggest to the attacker ssh is not enabled.

God bless Tereza


#6

Use ‘admin’ as the username (even if you have changed it in the webui) and your admin password. Just a note that it is a very restricted userspace when you access via SSH. You can only run allowed commands - guide here: http://download.peplink.com/manual/CLI%20SSH%20Guide.pdf

As to DNSmasq, the Peplink engineering team will reply to that question with authority shortly I’m sure, but unless the firmware has changed drastically since I left over a year ago they are not using DNSmasq.


#7

Thanks Martin :)


#8

Me too, thanks Martin.


#9

Friends, the short answer is that Peplink products are NOT affected. We are all safe. There will be an official statement soon.


#10

Synology was affected and they issued bug fixes on Oct 4th
https://www.synology.com/en-us/releaseNote/RT2600ac

Peplink is not affected, but it takes over a week to say so. Gee.


#11

Complete info is posted here: Peplink Security Advisory: dnsmasq (CVE-2017-14491 ~ 14496, CVE-2017-13704)

@Michael234, the verification is taking us more time than we thought. We wanted to make sure the info provided is 100% accurate. We agree we could have done a better job and will respond faster next time. Thanks.