Peplink Security Advisory: dnsmasq (CVE-2017-14491 ~ 14496, CVE-2017-13704)
On October 7th, 2017, vulnerabilities in dnsmasq were made public. We have evaluated our products and online services to assess the impact of this vulnerability.
Products:
- Balance and MAX series routers do not use dnsmasq.
- Surf series routers use a version of dnsmasq that is unaffected by vulnerabilities CVE-2017-14492 ~ 14496 and CVE-2017-13704. We have not reproduced vulnerability CVE-2017-14491 after extensive testing.
- AP product vulnerability status is identical to Surf if router mode is turned on.
Resolution:
No action is necessary for end users.