Peplink Security Advisory: dnsmasq (CVE-2017-14491 ~ 14496, CVE-2017-13704)

Peplink Security Advisory: dnsmasq (CVE-2017-14491 ~ 14496, CVE-2017-13704)

On October 7th, 2017, vulnerabilities in dnsmasq were made public. We have evaluated our products and online services to assess the impact of this vulnerability.

Products:

  • Balance and MAX series routers do not use dnsmasq.
  • Surf series routers use a version of dnsmasq that is unaffected by vulnerabilities CVE-2017-14492 ~ 14496 and CVE-2017-13704. We have not reproduced vulnerability CVE-2017-14491 after extensive testing.
  • AP product vulnerability status is identical to Surf if router mode is turned on.

Resolution:
No action is necessary for end users.

4 Likes