Netduma R1 - DNSMasq Version Query

[danielm2008uk]

Hello

 

This might be irrelevant with the (hopeful and eventual) release of DunaOS for the R1, but thought it might be worth checking into.

 

When scanning the security of the Routers, the scanning software highlights a particularly vulnerability that says could be taken advantage of.  It says that the device might be at risk of attacks and that I may need to flash the firmware to the latest version which at present it is (1.03.6h or till DumaOS).

 

Looking into it further, the scanning software informs that there is a DNSMasq Heap Buffer Overflow vulnerability and recomends that I update to version 2.78 which was released in October last year.

 

I don't know how much of an issue this may or may not be, but I thought I had better ask as I heave read that there is a newer firmware version, but isn't a requirement for everyone.

 

I've seen mentions of LAN DHCP Scope Sets.  It is certainly something I have not adjusted or really know what it does.  But there is mention in the help that it is generally for static ips?  I have adjusted settings for Port Forwarding and setting my DNS on my computer to a static address so I am unsure if this will or will not help.  Any thoughts?

[Netduma Fraser]

Given that DumaOS is an OS written from scratch it should hopefully not have this vulnerability from the start. However, we will check for vulnerabilities to ensure the router is secure as possible. I can't give any advice unfortunately as I'm not familiar with the vulnerability.

[danielm2008uk]

Given that DumaOS is an OS written from scratch it should hopefully not have this vulnerability from the start. However, we will check for vulnerabilities to ensure the router is secure as possible. I can't give any advice unfortunately as I'm not familiar with the vulnerability.

​Not a problem, thought DumaOS would have that covered.  I believe I have been ok so a few more weeks wait shouldn't cause too much trouble.  I'll keep an keen eye though just in case.