ZyXEL dnsmasq vulnerabilities
NEWS Assumed Closed Broadband
STATUS
Assumed Closed
CREATED
Oct 20, 03:01 PM (6ΒΌ years ago)
AFFECTING
Broadband
STARTED
(0 seconds ago)
REFERENCE
2448 / AA2448
INFORMATION
  • INITIAL
    0 seconds ago by Stuart

    Multiple vulnerabilities have been reported in dnsmasq, the service on the ZyXEL routers which provides a DNSresolver, DHCP functions and router advertisement for IPv6.
    A list of these can be found here.

    The scope of these is relatively broad, and most attack vectors are local. causing the router to fail DNS/DHCP/RA if exploited (DoS condition), one additional vector includes execution of arbitrary code.
    As dnsmasq is tightly integrated into the router, it can't just be turned off, however as a workaround you can change the DNS servers the routers serves in it's DHCP server to minimise potential impact from a local attacker should they perform a DNS request in a way which exploits the DoS conditions. This can be performed by going to the Router Settings page on your control pages, and entering our nameservers 217.169.20.20 and 217.169.20.21 into the IPv4 DNS fields, clicking save, then clicking on the DHCP button at the bottom (for B10Ds only) or clicking on Send ZyXEL configuration (B10As or B10Ds, will wipe existing settings on the router)

    An official patch from ZyXEL is estimated to be provided during December 2017 for the VMG1312-B10D routers (Firmware V5.13(AAXA.7)), and January 2018 for the the VMG1312-B10A routers.
    An update will be made to this post once firmware updates have been released.

  • UPDATE
    6 years ago by Andrew

    Updated software available, version 1.00(AAJZ.14)C0: https://www.zyxel.com/euosearch/dl-search.aspx?mci_country=uk&mci_lang=en&keyword=VMG1312-B10A&submit=Search