Home > About > Newsroom >

Security Notification about DNSMasq Vulnerability

2017-11-08

In October 2017, researchers studying the DNSMasq code/protocol discovered various vulnerabilities.  DNSMasq is widely used in networking products, Linux distributions, embedded products and mobile phones and IoT devices.The vulnerabilities are logged under the following references : CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496 and CVE-2017-13704.

No DrayTek products operating DrayOS are affected by this issue and they do not use DNSMasq. DrayOS is our own proprietary O/S which does not have 3rd party library dependencies.

Our Linux-based products (Vigor 2960 & Vigor 3900) will have updated firmware released ASAP as firmware version v1.3.2.  Please download and install that as soon as it is released. Even if your product is not affected by this issue, you should still always keep your products up to date with the latest firmware which may provide other enhancements or security improvements.

About DrayTek

DrayTek is a manufacturer of broadband CPE (Customer Premises Equipment), including firewalls, VPN devices, load-balancing routers, wireless access points, and switches. Our goal is to provide reliable and high-integrated networking solutions at an affordable price, become the reliable networking partner of small and medium-sized businesses.

Press Contacts: press@draytek.com