CGM4140COM dnsmasq CRITICAL SECURITY FLAW / Vulnerability

Hi Folks,

There appears to be a significant security flaw in Comcast's latest Internet Router with XFi, the CGM4140. According to Google, Avast and CVE, this issue was found in October 2017, but Comcast has failed to update or push the fix.

Impact: Any device connected to your network, including computers, phones, tablets, printers, security cameras, or any other networked device in your home or office network, may have an increased risk of compromise.

Recommendation: To solve the vulnerability on your device, apply the firmware or system update that contains DnsMasq software version 2.78 or higher provided by your device's manufacturer.

Since Comcast customers do not have the ability to apply firmware updates, we are at the mercy of the vendor.

The affected device's DNS service is running an outdated version of the DnsMasq software which is known to have a heap buffer overflow vulnerability. A remote attacker can gain control of your network device and your Internet connection.




Re: CGM4140COM dnsmasq CRITICAL SECURITY FLAW / Vulnerability

Is this still a problem? How would I confirm I have the patch?


Re: CGM4140COM dnsmasq CRITICAL SECURITY FLAW / Vulnerability

The Comcast gateways are not vulnerable. See my post last month for details. 

I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
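
For the question raised in the thread about confirming the patch, one check is to ask the gateway's resolver for its version banner and compare it with the 2.78 threshold quoted in the first post. This is an added example, not part of any post and not Comcast's or Avast's tooling; it assumes the resolver answers the `version.bind` CHAOS TXT query with a `dnsmasq-<version>` string (as stock dnsmasq does), and the function names and the sample reply are constructed for illustration.

```python
import re
import socket
import struct

FIXED = (2, 78)  # threshold from the first post: DnsMasq 2.78 or higher

def build_query(txid=0x1234):
    """DNS query for version.bind, type TXT (16), class CHAOS (3)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p for p in (b"version", b"bind")) + b"\x00"
    return header + qname + struct.pack(">HH", 16, 3)

def skip_name(msg, off):
    """Offset just past a DNS name (plain labels or a compression pointer)."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def parse_banner(msg):
    """Return the first TXT string of the first answer, or None."""
    qd, an = struct.unpack(">HH", msg[4:8])
    if an == 0:
        return None
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    off = skip_name(msg, off)
    rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
    off += 10
    if rtype != 16 or rdlen < 1:
        return None
    return msg[off + 1:off + 1 + msg[off]].decode("ascii", "replace")

def banner_status(banner):
    """Classify a banner string against the 2.78 threshold."""
    m = re.match(r"dnsmasq-(\d+)\.(\d+)", banner or "")
    if not m:
        return "unknown"                         # hidden, altered or non-dnsmasq banner
    return "at-or-above-2.78" if (int(m[1]), int(m[2])) >= FIXED else "below-2.78"

def query_gateway(ip, timeout=3.0):
    """Send the query to the gateway's LAN address (supplied by the caller)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(), (ip, 53))
        return parse_banner(s.recv(512))

# Constructed sample reply (not captured from a real gateway): header, question, one TXT answer.
SAMPLE = (struct.pack(">HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0) + build_query()[12:]
          + b"\xc0\x0c" + struct.pack(">HHIH", 16, 3, 0, 13) + b"\x0cdnsmasq-2.76")
```

Call `banner_status(query_gateway(ip))` with your gateway's LAN address. A banner below 2.78 is not proof of exposure, since a vendor can backport the fix without changing the version string, and some builds hide or change the banner.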