Check your router's firmware version. If your router has an auto update feature, try using it to get the latest firmware version. If not, go to the support page of the manufacturer's web site and look for a download there.
I checked my router's firmware version and see that it was released in October 2017, which I'll have to assume has the DnsMasq software version 2.78, released in October 2017.
So I know at least my personal router is protected. Additionally, my gateway is in bridge mode which disables the cable modem's "Router functionality of Gateway and turns off the private Wi-Fi network." Which means my router is the gateway.
I still don't know, however, if the CVE affects the Comcast/XFinity cable modem and haven't seen any response from a Comcast/XFinity support rep in the forum or any response to a question I sent to support.
Hope this helps.
First let me inform everybody that I have already ensured that I have the latest firmware update running on my internal (personal) router and Android device.
My Internet security application has informed me of the following vulnerability during a wifi scan. However, I don't know if Comcast/XFinity is aware of this issue, or if it affects Comcast/XFinity routers and hotspots. The make and model of my Comcast/XFinity router is ARRIS TG1682G. Please advise:
Our scan found a vulnerability on your router or Wi-Fi hotspot device. Your device contains a problem that can be misused by cybercriminals to break into your network and compromise your security and privacy.
Android devices used as a Wi-Fi hotspot can be also affected.
Some of the vulnerabilities may be patched in new versions of the device firmware or system update. Applying the latest firmware or system update may solve the issue.
Consult your device's manual for instructions. If an update addressing the vulnerability issue is not available, contact your device's vendor or manufacturer to provide an update as soon as possible.
Note: As routers typically do not perform automatic updates, you need to manually download and install the appropriate patches on the device. Done incorrectly, applying the latest firmware can make your router unusable. We recommend this method for advanced users or computer technicians only.
DnsMasq heap buffer overflow vulnerability
Reference: CVE-2017-14491 | Google Security Blog
Description: The affected device's DNS service is running an outdated version of the DnsMasq software which is known to have a heap buffer overflow vulnerability. A remote attacker can gain control of your network device and your Internet connection by sending malformed DNS packets to the device. It allows the attacker to intercept connections and perform a traffic hijack, or execute arbitrary code with unrestricted privileges as well as access all important and private data stored on the device -- your device login/password combination, your Wi-Fi password, and your configuration data.
Impact: Any device connected to your network, including computers, phones, tablets, printers, security cameras, or any other networked device in your home or office network, may have an increased risk of compromise.
Recommendation: The issue was fixed in DnsMasq software version 2.78, released in October 2017.
To solve the vulnerability on your device, apply the firmware or system update that contains DnsMasq software version 2.78 or higher provided by your device's manufacturer.
If an update addressing the vulnerability is not yet available for your device, you can secure your router or Wi-Fi hotspot with a strong password to minimize risks imposed by the vulnerability. We also advise you not to visit suspicious websites or run software from questionable sources.
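The reply in this thread infers the DnsMasq version from the firmware release date. As an added example (not part of the original posts or the scanner's report), the script below asks a router's DNS service for its version banner and compares it with 2.78, the release the report names as the fix. It assumes `dig` is installed and that the router's dnsmasq answers the CHAOS-class `version.bind` query; `192.168.1.1` in the usage comment is a placeholder address.

```shell
#!/bin/sh
# Added example: compare a dnsmasq version banner with 2.78, the release the
# scan report gives as the fix for CVE-2017-14491.
# Usage (placeholder address): sh check_dnsmasq.sh 192.168.1.1

FIXED_MAJOR=2
FIXED_MINOR=78

# Ask the DNS service at $1 for its version banner (CHAOS TXT version.bind).
# Assumption: the device runs dnsmasq and has not hidden this banner.
query_dnsmasq_banner() {
    dig +short +time=2 +tries=1 -c CH -t TXT version.bind "@$1"
}

# classify_dnsmasq_version "<banner>" prints: patched | outdated | unknown
# Accepts banners such as "dnsmasq-2.76" (with or without the quotes dig adds).
# Any suffix after major.minor (for example "-1" or "rc2") is ignored.
classify_dnsmasq_version() {
    banner=$(printf '%s' "$1" | tr -d '"')
    case "$banner" in
        dnsmasq-[0-9]*.[0-9]*) ver=${banner#dnsmasq-} ;;
        *) echo unknown; return 0 ;;   # empty answer or a different resolver
    esac
    major=${ver%%.*}
    minor=$(printf '%s' "${ver#*.}" | sed 's/[^0-9].*$//')
    [ -n "$minor" ] || { echo unknown; return 0; }
    case "$major$minor" in
        *[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$major" -gt "$FIXED_MAJOR" ] ||
       { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -ge "$FIXED_MINOR" ]; }; then
        echo patched
    else
        echo outdated
    fi
}

# Only query the network when an address is given on the command line.
if [ -n "${1:-}" ]; then
    banner=$(query_dnsmasq_banner "$1")
    echo "$1: ${banner:-no answer} -> $(classify_dnsmasq_version "$banner")"
fi
```

Treat the result as a hint: a vendor can backport the fix without changing the version string, and `unknown` only means the device did not return a dnsmasq banner.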