Vulnerability discovered by my Internet security application during wifi scan: CVE-2017-14491

Contributor

Vulnerability discovered by my Internet security application during wifi scan: CVE-2017-14491

First let me inform everybody that I have already ensured that I have the latest firmware update running on my internal (personal) router and Android device.

My Internet security application has informed me of the following vulnerability during a wifi scan. However, I don't know if Comcast/XFinity is aware of this issue, or if it affects Comcast/XFinity routers and hotspots. The make and model of my Comcast/XFinity router is ARRIS TG1682G. Please advise:

Description


Our scan found a vulnerability on your router or Wi-Fi hotspot device. Your device contains a problem that can be misused by cybercriminals to break into your network and compromise your security and privacy.

Android devices used as a Wi-Fi hotspot can be also affected.

Solution


Some of the vulnerabilities may be patched in new versions of the device firmware or system update. Applying the latest firmware or system update may solve the issue.

Consult your device's manual for instructions. If an update addressing the vulnerability issue is not available, contact your device's vendor or manufacturer to provide an update as soon as possible.

Note:
As routers typically do not perform automatic updates, you need to manually download and install the appropriate patches on the device.
Done incorrectly, applying the latest firmware can make your router unusable. We recommend this method for advanced users or computer technicians only.

DnsMasq heap buffer overflow vulnerability


Severity: High

Reference: CVE-2017-14491 | Google Security Blog

Description:
The affected device's DNS service is running an outdated version of the DnsMasq software which is known to have a heap buffer overflow vulnerability. A remote attacker can gain control of your network device and your Internet connection by sending malformed DNS packets to the device. It allows the attacker to intercept connections and perform a traffic hijack, or execute arbitrary code with unrestricted privileges as well as access all important and private data stored on the device -- your device login/password combination, your Wi-Fi password, and your configuration data.

Impact:
Any device connected to your network, including computers, phones, tablets, printers, security cameras, or any other networked device in your home or office network, may have an increased risk of compromise.

Recommendation:
The issue was fixed in DnsMasq software version 2.78, released in October 2017.

To solve the vulnerability on your device, apply the firmware or system update that contains DnsMasq software version 2.78 or higher provided by your device's manufacturer.

If an update addressing the vulnerability is not yet available for your device, you can secure your router or Wi-Fi hotspot with a strong password to minimize risks imposed by the vulnerability. We also advise you not to visit suspicious websites or run software from questionable sources.
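
As an added example (not part of the post or of the scanner vendor's report), the version test in the Recommendation above, automated: it parses the first line that `dnsmasq --version` prints and flags anything below 2.78, with the caveat that a flag means "apply the vendor update" rather than "confirmed exploitable". The banners in the comments are constructed samples, and `check_local_dnsmasq` is my own helper name for running the same check on a Linux or OpenWrt host.

```python
import re
import subprocess
from typing import Optional, Tuple

# First upstream release containing the fix, per the scanner report quoted above.
FIXED_VERSION = (2, 78)

# First line of `dnsmasq --version`, e.g. "Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley"
BANNER_RE = re.compile(r"Dnsmasq version\s+(\d+)\.(\d+)([A-Za-z0-9.-]*)", re.IGNORECASE)


def parse_dnsmasq_banner(banner: str) -> Optional[Tuple[int, int, str]]:
    """Return (major, minor, suffix) from a dnsmasq version banner, or None if it is not one."""
    m = BANNER_RE.search(banner)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), m.group(3)


def assess(banner: str) -> str:
    """Classify a banner against the 2.78 fix: 'fixed', 'outdated', 'unconfirmed' or 'not-dnsmasq'.

    'outdated' means the upstream version predates the fix. It is a prompt to apply the
    vendor's update (or read its changelog), not proof of exploitability: some distributions
    backport security fixes without changing the upstream version string.
    """
    parsed = parse_dnsmasq_banner(banner)
    if parsed is None:
        return "not-dnsmasq"
    major, minor, suffix = parsed
    if (major, minor) > FIXED_VERSION:
        return "fixed"
    if (major, minor) == FIXED_VERSION:
        # Pre-release builds (constructed samples: "2.78test3", "2.78rc1") cannot be assumed
        # to carry the final 2.78 fix, so they are flagged for a manual check rather than passed.
        return "fixed" if suffix == "" else "unconfirmed"
    return "outdated"


def check_local_dnsmasq() -> str:
    """Run `dnsmasq --version` on this host (e.g. a Linux or OpenWrt box acting as the
    LAN DNS forwarder) and assess the banner; 'not-installed' when the binary is absent."""
    try:
        proc = subprocess.run(["dnsmasq", "--version"], capture_output=True, text=True)
    except FileNotFoundError:
        return "not-installed"
    first_line = proc.stdout.splitlines()[0] if proc.stdout else ""
    return assess(first_line)
```

The check only applies to a box you have a shell on; the cable gateways in this thread expose no shell or firmware upload, so there the only remedy is the vendor's firmware push, as the Recommendation says.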

New Poster

Re: Vulnerability discovered by my Internet security application during wifi scan: CVE-2017-14491

I also received that info with my Avast anti-virus. I saw the same message a few days ago. I am using an X-finity voice and data modem, Cisco DPC3941T. I sent an email message to Comcast and also posted it in the internet forums today, 3-18-2018. Hope comcast can fix it by way of the internet. If you find a way to fix it please let me know. Thank you.

New Poster

Re: Vulnerability discovered by my Internet security application during wifi scan: CVE-2017-14491

Same here!

Model: DPC3941T
Vendor: Cisco
Hardware Revision: 1.0
Serial Number: 287678715

Contributor

Re: Vulnerability discovered by my Internet security application during wifi scan: CVE-2017-14491

Check your router's firmware version. If your router has an auto update feature, try using it to get the latest firmware version. If not, go to the support page of the manufacturer's web site and look for a download there.

I checked my router's firmware version and see that it was released in October 2017, which I'll have to assume has the DnsMasq software version 2.78, released in October 2017.

So I know at least my personal router is protected. Additionally, my gateway is in bridge mode which disables the cable modem's "Router functionality of Gateway and turns off the private Wi-Fi network." Which means my router is the gateway.

I still don't know, however, if the CVE affects the Comcast/XFinity cable modem and haven't seen any response from a Comcast/XFinity support rep in the forum or any response to a question I sent to support.

Hope this helps.

New Poster

Re: Vulnerability discovered by my Internet security application during wifi scan: CVE-2017-14491

I got the same result. Called tech support and they said this is a generic message that's not applicable to their devices, since they don't do anything with DNS on their devices. I.e., according to the person I spoke with, this is not an actual vulnerability on this particular router. I think that's likely correct, as when I log in to the router, I can't find anywhere where there's any kind of DNS setting.

Hope that puts you at ease a bit. :-) If not, I'd suggest calling tech support and getting your call escalated until you talk to someone with this level of knowledge (1st level support person didn't have a clue :-)).

Regular Visitor

Re: Vulnerability discovered by my Internet security application during wifi scan: CVE-2017-14491

DPC3941 Cisco gateway 3 (4th gateway since January)
1. "Local time" is running 1hr behind real time (my time) on the 10.0.0.1 page. Seems like a classic setup for a 'time set incorrectly' conflict with Windows...?
2. Before "Factory Reset", Wi-Fi LAN ports listed "System Uptime" as 6755 days 10h:8m. Installed by Xfinity tech last month... How is that possible?!?
2a. Factory Reset did change this but Xfinity Network now shows a System Uptime of 10h:35m, close to reality (my time), but the Wi-Fi LAN ports show System Uptime of only 35min.
Since I logged into 10.0.0.1, on Wi-Fi, to reset the password as soon as the unit reset, why the 10hr discrepancy?
3. All "Reports" show activity/incident happening around 5-10hrs in the future, making any troubleshooting a quick-sandy nightmare.
4. Factory Reset did not fix the Ethernet ports showing what appear to be set connection speeds of: port1 N/A
port2 1000Mbps
port3 100Mbps
port4 10Mbps.
It seems other people see similar speed "allocations" in varying configurations.
Are these speeds really fixed? What exactly does N/A mean in this scenario?
5. Reset also didn't fix port1 & port2 showing as "Active" despite not having a cable inserted since the last Factory Reset.
6. This gateway, and quite possibly all of my recent "new" Xfinity gateway3's, re-boots to Utopia.net.
While I readily admit that my knowledge base is "General Public - Ignorance-is-Bliss" and all that I've really managed to "learn" is that I'm out of my depth (and feeding my paranoia on these sites + haplessly floundering for some resolution = ulcers), none of the above indicate that I am incapable of basic logic and reasoning, nor careless or sloppy in either.
A. No Utopia.net before all this. Yes, I'm sure. Two different Windows devices used regularly but not powered up since the first router replacement (this all started with two out-of-the-box new computers, fresh start...), took old units off-site before re-booting and they're both clean. Everything else had Utopia.net: iPhone 4 and 7+, iPad 3, iPad Air, Gateway LT31 Win 7 Ultimate (Win Vista), Dell XPS27 Win 10 Pro (8.1), and two HP Pavilion b217c Win 10 Home.
I've cleaned out all of my devices (only after figuring out the issue myself) and manually reconfigured the DNS setting on all connected devices but the core problem is still there. Within two months I had 4 Comcast techs in my house, checking my system (including re-booting and re-setting "new" gateways), no mention of DNS flipping to Utopia.net on reboot.
After reboot the DNS will eventually switch back to Comcast but by then it's too late; anything connected to the gateway has added Utopia.net to various DNS cache files and been "hijacked" as soon as it goes online.
I'm sure it's possible that once this happens "my devices" could "re-infect the gateway from the inside" but the original infection is coming from the re-boot cycle of the gateway itself.
It happens every single time so I don't know how the techs could "miss" it, especially since my major complaint was dropped connections, connection speed dropping below 10mbs, and the x-fi site not showing devices/usage/etc correctly (I didn't know anything about DNS hijacking at the time... All classic signs. If your devices are on someone else's DNS then they don't show up on their servers!). Now all I get from Comcast is "your devices are re-infecting the system from the inside" and "everything looks OK on our end, you should check your devices".
I can't get them to admit their devices need the security patch everyone else rolled out Nov 2017 and you can't update the firmware yourself.
Although I think I've secured my own devices, I'm constantly checking everything and had to stop all shopping/banking on any device (my favorite parts of the internet) and friends and family can't use the Internet at all or Utopia will get them too.

I've spent countless hours talking to Customer Service over the last few months. The last call, two nights ago, classically ended (45+ min in) when the agent got tired of evading my questions and trying to convince me a Service Callout would "fix everything"...
Solution: She muted the call and waited for me to hang up. I stayed on the open line for another 15-20min, speaking calmly into the muted phone, reviewing my experiences, frustrations, and suggestions of the last few months... It was surprisingly cathartic in the moment but not particularly helpful.
Result: I called to get the firmware update required to install my PODs. It has to be "pushed" from Xfinity, it's not automatically updated when you purchase them and again, no way to update yourself. Only took 30min and she confirmed success!
Unfortunately... no joy on this end... and not after re-boot... and not after re-set, just more Utopia.net and whatever else they let through when they're not looking...

and NO, I do not want Norton Security. I want the service I'm paying for and the respect I deserve!

Users on this site don't seem to be having a lot of success with their free versions anyway...

Expert

Re: Vulnerability discovered by my Internet security application during wifi scan: CVE-2017-14491


@SoDisillusioned wrote:

DPC3941 Cisco gateway 3 (4th gateway since January)

(snip)
Unfortunately... no joy on this end... and not after re-boot... and not after re-set, just more Utopia.net and whatever else they let through when they're not looking...

and NO, I do not want Norton Security. I want the service I'm paying for and the respect I deserve!

Users on this site don't seem to be having a lot of success with their free versions anyway...

There's a long thread on the Utopia.net issue here


Comcast Experts are other customers who volunteer their time helping on the forum and have been recognized by the community. For more information on the Expert Program, please click here.
Unless so specifically stated, my opinions written herein are my own and do not necessarily reflect the views of Comcast, its official employees or affiliates.
New Poster

Re: Vulnerability discovered by my Internet security application during wifi scan: CVE-2017-14491

Since December 2017, this vulnerability has affected our home network. Spoken to Comcast representatives numerous times. Have replaced both a Cisco and an Arris modem/gateway and still the vulnerability persists. Comcast is now saying the problem is on our computers when in fact their modems have the vulnerability. Why won't Comcast push the patches out to the customer instead of lying to the customer and fixing the problem?