As I said my update was 13th April , but it would seem the dns software wasn't updated at the same time, so still awaiting a fix.
hub updated 13th May 2018 to version ending 540, however, still the same issue over the DNS which has not been updated so issue still the same.
I really do think that BT should take this seriously and resolve it, it's months now since this was brought to their attention and nothing has been done, perhaps a moderator can escalate this to the next level on our behalf.
I have been following this issue for some months now as my Avast flagged up CVE-2017-14491 on my smart hub BT Hub6. At the time my firmware was Jan 2018 and has now been updated to May 13th 2018, hoping his was the ticket and all is well again until I ran my Avast Wi-Fi scan which is still telling me this issue is still here! Why is BT taking a very relaxed attitude about this serious problem? As a BT customer I am not happy about this and if BT will not treat this matter as important then what is the point for me or anyone else to remain as customers?
@SeanD Dear Sean, please could you provide an update on this DnsMasq issue? Do I need to manually update the firmware in my BT Smart Hub or will BT be remotely patching these devices for its customers?
As it is impossible to manually update the firmware, you will have to wait.
I see @icepuffin aggressively rubbished my last post on this subject so I'll let the picture do the talking.
My HH6 is the device at 192.168.1.254 and is internet connected and is running Firmware SG4B1000B540.
If I don't enable my VPN, I get the same results from the Avast Wifi inspector as everyone else but with the VPN connected I get the following.
Remember, I don't know what I'm talking about so I'll leave you all to draw your own conclusions.
BT will you please get to the bottom of this as i'm having doubts about avast. Is this a real issue that needs to be sorted out by you or is this some kind of avast money spinner. That is to say if i want avast vpn i have to pay for it. If this is a money spinner by avast then i gladly withdraw my comment about why anyone should remain as a BT customer. I am posting this as avast is not what it used to be, and no i'm not posting a full list of of things i have encountered with avast.
"The exploit cannot be triggered via unsolicited inbound traffic.To leverage the vulnerability, an attacker would need to have administrative access to a malicious domain such as hacker.com. The attacker could then lure users to try to access hacker.com which would rely upon DNS requests by the dnsmasq module. "
I did not aggressively rubbish your previous post. We have been trying to resolve this for months now and your answer was that it was "scare tactics" by Avast to get us to use the paid version, you offered no actual help on that occasion.
I am using the paid Avast which is showing the Hub vulnerability, so there are no scaremongering tactics to upgrade involved.