Important Security Update for RUT9XX Series
(KRACK Attack, dnsmasq Vulnerability)
Although the flood of information about the security gap subsided quickly after the 18th of October, our technical team is still concerned with the KRACK attack and remains in contact with our manufacturers regarding the brands and products we sell.
On Friday (27.10.2017), the much-anticipated patch for Teltonika's RUT9XX series was released. The update fixes not only the KRACK attack security gap but also a vulnerability in dnsmasq.
Dnsmasq is a simple and free DNS and DHCP server for small networks. Domain names from the local network are defined by reading the file /etc/hosts. Unknown name requests are forwarded and cached. Dnsmasq is a part of many Linux distributions.
One vulnerability (CVE-2017-14491) in dnsmasq allows a remote, unauthenticated attacker to execute arbitrary code and, as a result, take control of the system. Two other vulnerabilities enable an unauthenticated attacker in an adjacent network to carry out this kind of attack.
Because of three further vulnerabilities, it is possible for an unauthenticated attacker to read out data and carry out denial-of-service (DoS) attacks.
All dnsmasq versions earlier than 2.78 are affected. An update to version 2.78 is highly recommended since the probability of exploitation of these vulnerabilities is rated as 'high'.
The Teltonika update also fixes these vulnerabilities.
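To check a Linux host against the 2.78 threshold stated above, the following added example (not part of the original post or of Teltonika's tooling) classifies the first line printed by `dnsmasq --version`. The function names are hypothetical, the sample banners are constructed, and shell access to the host is assumed.

```shell
#!/bin/sh
# Added example: compare a dnsmasq version banner with the 2.78 fix level.

# Extract MAJOR.MINOR from a banner line such as
# "Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley".
# Anything after the number (for example a build suffix) is ignored.
banner_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[Dd]nsmasq version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Print "affected" (< 2.78), "patched" (>= 2.78) or "unknown" (unparseable).
classify_version() {
    case $1 in
        ''|*[!0-9.]*|*.*.*|.*|*.) echo unknown; return 0 ;;
        *.*) ;;                      # exactly digits.digits
        *) echo unknown; return 0 ;; # no dot at all
    esac
    major=${1%%.*}
    minor=${1#*.}
    # The minor part is compared as an integer, so 2.9 sorts before 2.78.
    if [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 78 ]; }; then
        echo affected
    else
        echo patched
    fi
}

# Classify a full banner; on a live host: classify_banner "$(dnsmasq --version)"
classify_banner() {
    classify_version "$(banner_version "$1")"
}

# Constructed sample banners; the third is deliberately not a dnsmasq banner.
for banner in \
    "Dnsmasq version 2.76  Copyright (c) 2000-2016 Simon Kelley" \
    "Dnsmasq version 2.78  Copyright (c) 2000-2017 Simon Kelley" \
    "BusyBox v1.23.2 multi-call binary"
do
    printf '%-9s %s\n' "$(classify_banner "$banner")" "$banner"
done
```

Distributions and firmware vendors sometimes backport fixes without changing the version number, so treat an "affected" result as a prompt to check the firmware's release notes rather than as proof.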
Easy Update via the Software's Interface
The update can be conveniently started using the admin interface of the RUT9XX device. On page 150 of the manual (see below), you will find all required information and screens of the interface. Please bear in mind the note from the manual: Never remove the router power supply and do not press the reset button during the update process! Both could seriously damage the device and make it inaccessible.
You can find more information on the security gap in the WPA2 encryption protocol in our blog entry from the 18th of October 2017.