Security Notification about DNSMasq Vulnerability

 

In October 2017, researchers studying the DNSMasq code/protocol discovered various vulnerabilities.  DNSMasq is widely used in networking products, Linux distributions, embedded products and mobile phones and IoT devices.The vulnerabilities are logged under the following references : CVE-2017-14491CVE-2017-14492CVE-2017-14493CVE-2017-14494CVE-2017-14495CVE-2017-14496 and CVE-2017-13704.

No DrayTek products operating DrayOS are affected by this issue and they do not use DNSMasq. DrayOS is our own proprietary O/S which does not have 3rd party library dependencies.

Our Linux-based products (Vigor 2960 & Vigor 3900) will have updated firmware released ASAP as firmware version v1.3.2.  Please download and install that as soon as it is released. Even if your product is not affected by this issue, you should still always keep your products up to date with the latest firmware which may provide other enhancements or security improvements.