cancel
Showing results for 
Search instead for 
Did you mean: 
ljm
Aspiring Expert
2,302 Views
Message 11 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

Hi icepuffin,

 

Was interested to read your post re this subject, and others who have posted, because i am with AVG and, unless i've misunderstood, AVAST and AVG amalgamated a little while back so i'm wondering if this problem also applies to AVG users, like myself?

This is the first time i've heard about it, but then again i haven't been on the forum regularly.  If you have any further info, would be interested to see you post it.  Thanks.

0 Ratings
icepuffin
Contributor
2,291 Views
Message 12 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

Ijm,

if you go to the original OP on this post what they have written is exactly what I had come up when I did a wifi test. What really surprises me is that if there is a vulnerability that BT don't seem interested, hence my request for an update.

0 Ratings
ljm
Aspiring Expert
2,286 Views
Message 13 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

Yes, it does seem odd that nobody (ie a BT Mod) has updated us on this.  I expect they will get round to replying eventually.  This is my first visit to this new forum layout and i'm still struggling a bit to find my way around all the info on various topics.

0 Ratings
icepuffin
Contributor
2,250 Views
Message 14 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

I agree, you would have thought that a moderator or a staff member would be urgently looking at this and updating us.

0 Ratings
icepuffin
Contributor
2,245 Views
Message 15 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

Another day goes past and still no-one from BT or a moderator has updated this post, quick shocking really.

0 Ratings
ker585
Beginner
2,200 Views
Message 16 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

Yep exact same issue and no way to manually correct, come on BT are you going to be rolling out a patch to fix this?

Main issue is: "To solve the vulnerability on your device, apply the firmware or system update that contains DnsMasq software version 2.78 or higher provided by your device's manufacturer." we don't have one yet and no buttonn to updatre firmware on hub admin pages.

 

 

Avast reports the following:

Your router or Wi-Fi hotspot is vulnerable to network attacks!

We have found vulnerabilities in your router or Wi-Fi hotspot that can be used by attackers to hack into your network.

 
Description

Our scan found a vulnerability on your router or Wi-Fi hotspot device. Your device contains a problem that can be misused by cybercriminals to break into your network and compromise your security and privacy.

Android devices used as a Wi-Fi hotspot can be also affected.

Solution

Some of the vulnerabilities may be patched in new versions of the device firmware or system update. Applying the latest firmware or system update may solve the issue.

Consult your device's manual for instructions. If an update adressing the vulnerability issue is not available, contact your devices's vendor or manufacturer to provide an update as soon as possible.

Note:
As routers typically do not perform automatic updates, you need to manually download and install the appropriate patches on the device.
Done incorrectly, applying the latest firmware can make your router unusable. We recommend this method for advanced users or computer technicians only.

Details

We have identified the following problem with your router or Wi-Fi hotspot device:

DnsMasq heap buffer overflow vulnerability

Severity: High

Reference: CVE-2017-14491 | Google Security Blog

Description:
The affected device's DNS service is running an outdated version of the DnsMasq software which is known to have a heap buffer overflow vulnerability. A remote attacker can gain control of your network device and your Internet connection by sending malformed DNS packets to the device. It allows the attacker to intercept connections and perform a traffic hijack, or execute arbitrary code with unrestricted privileges as well as access all important and private data stored on the device -- your device login/password combination, your Wi-Fi password, and your configuration data.

Impact:
Any device connected to your network, including computers, phones, tablets, printers, security cameras, or any other networked device in your home or office network, may have an increased risk of compromise.

Recommendation:
The issue was fixed in DnsMasq software version 2.78, released in October 2017.

To solve the vulnerability on your device, apply the firmware or system update that contains DnsMasq software version 2.78 or higher provided by your device's manufacturer.

If an update addressing the vulnerability is not yet available for your device, you can secure your router or Wi-Fi hotspot with a strong password to minimize risks imposed by the vulnerability. We also advise you not to visit suspicious websites or run software from questionable sources.

 
0 Ratings
icepuffin
Contributor
2,184 Views
Message 17 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

Not much point BT saying in their adverts that the smart hub is the best when it is vulnerable to being hacked !! and I still cannot believe that it's been several days and still a moderator or member of admin has not updated us.

0 Ratings
sandyflett
Beginner
2,168 Views
Message 18 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

Why are we still hoping BT will pay any attention to this forum/thread. Surely there must be direct ways one can communicate with an organisation.

0 Ratings
sandyflett
Beginner
2,164 Views
Message 19 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

Why does it seem to be just Avast that is finding this problem? Surely there must be other router-checking software protecting people.

0 Ratings
icepuffin
Contributor
2,145 Views
Message 20 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

I suppose because the idea of the forum is that you have an issue aand you hope someone with knowledge will reply. There are moderators and admin staff who read each thread , so surely a reply would be the least they could do.

Secondly , I think avast is unique in that it checks the wi-fi for such issues, whereas others probably do not, but again surely the issue is that avast has indicated a problem with the smart hub , and at least it warrants investigation.

0 Ratings