cancel
Showing results for 
Search instead for 
Did you mean: 
icepuffin
Contributor
983 Views
Message 61 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

As I said my update was 13th April , but it would seem the dns software wasn't updated at the same time, so still awaiting a fix.

0 Ratings
icepuffin
Contributor
862 Views
Message 62 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

hub updated 13th May 2018 to version ending 540, however, still the same issue over the DNS which has not been updated so issue still the same.

I really do think that BT should take this seriously and resolve it, it's months now since this was brought to their attention and nothing has been done, perhaps a moderator can escalate this to the next level on our behalf.

0 Ratings
Richard050
Beginner
830 Views
Message 63 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

I have been following this issue for some months now as my Avast flagged up CVE-2017-14491 on my smart hub BT Hub6.  At the time my firmware was Jan 2018 and has now been updated to May 13th 2018, hoping his was the ticket and all is well again until I ran my Avast Wi-Fi scan which is still telling me this issue is still here!  Why is BT taking a very relaxed attitude about this serious problem?  As a BT customer I am not happy about this and if BT will not treat this matter as important then what is the point for me or anyone else to remain as customers?  

0 Ratings
bellrog
Newbie
760 Views
Message 64 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

@SeanD  Dear Sean, please could you provide an update on this DnsMasq issue? Do I need to manually update the firmware in my BT Smart Hub or will BT be remotely patching these devices for its customers?

0 Ratings
Distinguished Sage
Distinguished Sage
748 Views
Message 65 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

As it is impossible to manually update the firmware, you will have to wait.

0 Ratings
V_Meldrew
Expert
733 Views
Message 66 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

I see @icepuffin aggressively rubbished my last post on this subject so I'll let the picture do the talking.

My HH6 is the device at 192.168.1.254 and is internet connected and is running Firmware SG4B1000B540.

 If I don't enable my VPN, I get the same results from the Avast Wifi inspector as everyone else but with the VPN connected I get the following. 

Remember, I don't know what I'm talking about so I'll leave you all to draw your own conclusions.

VPN Enabled.jpg 

0 Ratings
Richard050
Beginner
687 Views
Message 67 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

BT will you please get to the bottom of this as i'm having doubts about avast.  Is this a real issue that needs to be sorted out by you or is this some kind of avast money spinner.  That is to say if i want avast vpn i have to pay for it.  If this is a money spinner by avast then i gladly withdraw my comment about why anyone should remain as a BT customer.  I am posting this as avast is not what it used to be, and no i'm not posting a full list of of things i have encountered with avast.  

 

0 Ratings
V_Meldrew
Expert
674 Views
Message 68 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

"The exploit cannot be triggered via unsolicited inbound traffic.To leverage the vulnerability, an attacker would need to have administrative access to a malicious domain such as hacker.com. The attacker could then lure users to try to access hacker.com which would rely upon DNS requests by the dnsmasq module. "

Reference (links to https://www.techrepublic.com)

 

icepuffin
Contributor
654 Views
Message 69 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

I did not aggressively rubbish your previous post. We have been trying to resolve this for months now and your answer was that it was "scare tactics" by Avast to get us to use the paid version, you offered no actual help on that occasion. 

0 Ratings
Silver29
Aspiring Contributor
638 Views
Message 70 of 100

Re: Avast reports smarthub vulnerable to attack.

Go to solution

I am using the paid Avast which is showing the Hub vulnerability, so there are no scaremongering tactics to upgrade involved.

0 Ratings