CrowdSupport®
Level 7: Deputy Inspector

mygateway vulnerable to hackers

Answered

Hi, I have Avast antivirus on my Mac which has home network scan. It has reported that my Telstra gateway 5355 firmware version 8a.58.116.11 software version SG7E10001134 is vulnerable to hacker attacks ( CVE-2017-14491 ) and a firmware update could fix it. I believe Telstra update the firmware automatically when required. I would appreciate if any one has any idea why this occurring and if there is a fix. This modem was replaced by Telstra a few months ago when I had a problem with the old one. I think this is the first scan I have done on it since obtaining it.I have had no other issues with it. I did reboot the modem the other day in order to get the Telstra update for more speed.

Thank you,

                 John.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
Level 24: Supreme Being
Level 24: Supreme Being
Accepted Solution

Re: mygateway vulnerable to hackers

@rekrab
1134 is the most current at the moment

@mazinoz on or off VPN? Using Telstra's DNS or something else? traceroute's showing anything funky going on? certain pages or all pages (I know you were having issues with telstra's outages site)?
I am Complex Customer Service Specialist, nominally working with most assurance products. However, I am not an official representative on CrowdSupport.

IT Helpdesk and Technicial Support by Telstra Platinum
Smart Home Automation & Monitoring from Telstra
Helping Australians Find the Things that Matter Most with Telstra Locator

View solution in original post

Highlighted
Level 7: Deputy Inspector
Accepted Solution

Re: mygateway vulnerable to hackers

Thank you Yastiandrie,You have been most helpful. I guess as I have the latest firmware there is nothing else I can do regarding the CVE-2017-14491 report.I read the Avast forum questions & answers regarding this problem and it seems like some are saying it is a false report & others that it is a true warning. I just hope that my network is safe from hackers. Thanks once again and thank you to the other posters.
Cheers John.

View solution in original post

Was this helpful?

  • Yes it was, thank you
  • No, I still need help
13 REPLIES 13
Highlighted
Level 2: Rookie

Re: mygateway vulnerable to hackers

Telstra push firmware updates middle of the night. Maybe your modem needs to catch up with few updates to get up-to-date. What is your hardware version? FAST5355-A

A restart via the interface wouldn't hurt
Highlighted
Level 7: Deputy Inspector

Re: mygateway vulnerable to hackers

Hi KapsJ. Thanks for your reply. The hardware version is f@st 5355. Is the restart via the interface different from just turning off & on the modem itself ? I did try that earlier. I will try doing it on the interface as soon as my grandson finishes his uni assignment on his computer. Is there anyway I can find the latest firmware version ?
Cheers John.

Highlighted
Level 19: Deputy Director

Re: mygateway vulnerable to hackers

I believe the restart he is referring to is a factory reset. From memory this option was in "Gateway" page on my old modem. I have not used your modem. Just been given a new "Smart" modem. The other way to do a factory reset is to locate a small red button often near the power button and hold it down for 10 - 30 secs until lights change, loses power, restarts.
If doing the reset as above, leave it on overnight and the Telstra fairies will hopefully update the firmware for you. They have been kind to me and no dramas caused by their updates so far. I don't stress about doing it.
However, this issue has actually been raised earlier on this forum. Unfortunately, I've forgotten the details! Perhaps a forum search will do the trick. Also Cf4 on this forum has gone to the trouble of writing a manual for this modem which has been greatly appreciated -
https://drive.google.com/file/d/0BzrqIis29Do9bTFxRUFjU3ZoWE0/view
Highlighted
Level 19: Deputy Director

Re: mygateway vulnerable to hackers

Oops, it appears my "Smart" modem may be the same as yours. I've also seen it referred to as DJA0230. It is branded as a Technicolor modem. I think Optus also use it.
Highlighted
Level 24: Supreme Being
Level 24: Supreme Being

Re: mygateway vulnerable to hackers

@rekrab

Avast is throwing a false positive

 

The Sagemcom 5355 got a firmware update in November/December (SG7E10001122) to plug the dnsmasq vulnerability (dnsmasq version 2.78)

 

If you check their forums, they even advise that is an advisory warning based on a banner check and their software doesn't actually do an exploit probe

 

Type this into command prompt (in windows) and post the result:

nslookup -type=txt -class=chaos version.bind 10.0.0.138

@mazinoz Optus doesn't use the DJA0230 Smiley Wink It's a Telstra exclusive

I am Complex Customer Service Specialist, nominally working with most assurance products. However, I am not an official representative on CrowdSupport.

IT Helpdesk and Technicial Support by Telstra Platinum
Smart Home Automation & Monitoring from Telstra
Helping Australians Find the Things that Matter Most with Telstra Locator
Highlighted
Level 7: Deputy Inspector

Re: mygateway vulnerable to hackers

Thank you guys I appreciate your help. @Yastiandrie, good to know it is a false report, would you know if this is just an Avast problem or would it show on any home network scan ? The command prompt you kindly gave I see is for windows, I am using a Mac so I guess that would not work for me. Would you know if I have the latest software version SG7E10001134 ? I did not think to check the Avast forums for a problem, I guess as soon as the Avast report mentioned software updates I assumed that was it.
Thanks John.
Highlighted
Level 24: Supreme Being
Level 24: Supreme Being

Re: mygateway vulnerable to hackers

http://10.0.0.138 > Advanced > Gateway Settings > Device Info > General Smiley Happy

 

I am Complex Customer Service Specialist, nominally working with most assurance products. However, I am not an official representative on CrowdSupport.

IT Helpdesk and Technicial Support by Telstra Platinum
Smart Home Automation & Monitoring from Telstra
Helping Australians Find the Things that Matter Most with Telstra Locator
Highlighted
Level 7: Deputy Inspector

Re: mygateway vulnerable to hackers

Thank you, Gateway settings is where I found software update SG7E10001134 ,Just was not sure if it is the latest.

Cheers John.
Highlighted
Level 19: Deputy Director

Re: mygateway vulnerable to hackers

Sorry, I saw something similar on an Optus page. My fact checking is a bit sloppy today. According to ozspeedtest.com my download speed is 14.08 Mbps, but it seems to take several minutes to load a page still.
Highlighted
Level 24: Supreme Being
Level 24: Supreme Being
Accepted Solution

Re: mygateway vulnerable to hackers

@rekrab
1134 is the most current at the moment

@mazinoz on or off VPN? Using Telstra's DNS or something else? traceroute's showing anything funky going on? certain pages or all pages (I know you were having issues with telstra's outages site)?
I am Complex Customer Service Specialist, nominally working with most assurance products. However, I am not an official representative on CrowdSupport.

IT Helpdesk and Technicial Support by Telstra Platinum
Smart Home Automation & Monitoring from Telstra
Helping Australians Find the Things that Matter Most with Telstra Locator

View solution in original post

Highlighted
Level 7: Deputy Inspector
Accepted Solution

Re: mygateway vulnerable to hackers

Thank you Yastiandrie,You have been most helpful. I guess as I have the latest firmware there is nothing else I can do regarding the CVE-2017-14491 report.I read the Avast forum questions & answers regarding this problem and it seems like some are saying it is a false report & others that it is a true warning. I just hope that my network is safe from hackers. Thanks once again and thank you to the other posters.
Cheers John.

View solution in original post

Highlighted
Level 7: Deputy Inspector

Re: mygateway vulnerable to hackers

Hi Guys, Just an update regarding the Gateway Fast 5355A being vulnerable to hackers CVE-2017-14491. I thought I would look into this further. I reset my modem and my modem firmware updated to SG7E 10001214 and still had the report from the security network scan same problem. I contacted Telstra that said there is nothing else they can do. I then contacted Avast, who I must say were very helpful . Why has Telstra sent me a modem that has this problem. Hopefully the following report from Avast will benefit others. Cheers John.
From Avast support team.
It seems that your device is indeed vulnerable but update addressing the vulnerability is not yet available for your device.

You can, however, minimize risks imposed by the vulnerability by securing your router with a strong password. Here you can test if a password is strong enough: https://www.avast.com/f-password-manager#passwords

Once you set a strong password, there's nothing to worry about.

In this article, you can learn more about this problem: https://help.avast.com/en/av_free/17/hns/cve-2017-14491.html

Let me know if you have any further questions.


Best Regards,
Prokop
The Avast Support Team

Highlighted
Level 19: Deputy Director

Re: mygateway vulnerable to hackers

Sorry for delay in replying Yastiandre. I've just got over the side effects of the flu vaccination.
I'm fairly certain it is a misconfiguration problem I've created on router. Need to change ports.

Telstra Smart Modem

Plug in and connect in minutes. Smart.

Find out more