"Wi-Fi Inspecor" shows false warning about router's vulnerability?

system · 2017-07-30T01:38:46.000Z

Hello every one. Thank you for your access to this thread.

These days, I’ve just gotten a question about “Wi-Fi inspector” feature of Avast Free.
My question is at below, I hope that you will join solving it.

Some days ago, I did clean-install Windows 10 for reset my PC completely.
And then, I added some apps to PC includes the latest version of Avast Free Antivirus.

I tried to run the feature, which was named “Wi-Fi inspector” for checking security status of wi-fi router which put at my room.
After then I got a result that the router is having two vulnerabilities and the one of them is very serious problem for keeping security of the router.

According to the result provided by wi-fi inspector feature, my router is having these vulnerabilities at below.

Catalog ID: CVE-2013-0229 The router may be falling non-reaction or obstruction by being attacked based on this vulnerability.
Catalog ID: CVE-2013-0230
Attackers are able to execute arbitrary codes and they will be able to control this device completely
(Note: Above sentences were translated by me)

But I was not able to agree this conclusion because the router is up-to-date by me every time.
And, too, I am checking update patches for my router every time. My router is installed the latest firmware provided by the maker company.

[b]
Although the router is installed the latest firmware, why Avast is showing me the result that my router is having tow serious vulnerabilities?

I was running same security scan of Avast Free in March, but I was not gotten the results above.
[/b]

I guess that Avast Free is included some small bugs related to Wi-Fi Checking feature.
I am appreciating Avast Team. It is true! But I got this conclusion…

Please teach me about your opinion.
Thank you.

[b]My PC:[/b] Windows 10 Home 64bit/ 8GB RAM/ Intel Core i7 CPU Avast Free 17.5.2303 with the latest program

Wi-Fi router:
NEC WR8165-N (Domestic model for the consumer) with the latest firmware. The latest version firmware is released in March, 2016.
According to nmap, this router has miniupnpd/1.0 UPnP/ 1.0.
I contacted to support team of NEC.
Then they said that “we can not answer about individual problems.There is no case that some vulnerabilities,which was already found attacks your model router. But we can’t denial possibility of attack to your router.”.

Modem:
Modem of Internet provider is connecting to the router by LAN cable, and the router is configured as “wi-fi router enabled DHCP”

Asyn · 2017-07-30T07:11:01.000Z

This (new) detection has been added recently.

The vulnerability(ies) affects some versions of UPnP service. You can check the router’s version of UPnP, if it is 1.3 and below, it has the CVE-2013-0229 vulnerability and if it is 1.0 it has both CVE-2013-0229 and CVE-2013-0230 vulnerabilities.

system · 2017-08-03T11:05:04.000Z

Hello Asyn. Thank you for your reply.

Yes, my router has a older version UPnP library than the version which was fixed the vulnerability.
And also I’ve just gotten a answer from a member at Japanese Forum of Avast. He told me it may be that the maker company is paying no attention to update firmware for keeping security related to this vulnerability.

Thank you for your answer.

Asyn · 2017-08-03T11:06:56.000Z

You’re welcome.

Announcements