Home > About > Newsroom >

Security Notification about DNSMasq Vulnerability

2017-11-08

In October 2017, researchers studying the DNSMasq code/protocol discovered various vulnerabilities.  DNSMasq is widely used in networking products, Linux distributions, embedded products and mobile phones and IoT devices.The vulnerabilities are logged under the following references : CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496 and CVE-2017-13704.

No DrayTek products operating DrayOS are affected by this issue and they do not use DNSMasq. DrayOS is our own proprietary O/S which does not have 3rd party library dependencies.

Our Linux-based products (Vigor 2960 & Vigor 3900) will have updated firmware released ASAP as firmware version v1.3.2.  Please download and install that as soon as it is released. Even if your product is not affected by this issue, you should still always keep your products up to date with the latest firmware which may provide other enhancements or security improvements.

About DrayTek

DrayTek manufactures broadband CPE (Customer Premises Equipment), including firewalls, VPN devices, load-balancing routers, wireless access points, and switches. We aim to provide reliable and highly integrated networking solutions at an affordable price and become the trusted networking partner of small and medium-sized businesses.

Press Contacts: [email protected]