Wi-Fi inspector and Router vulnerabilities - possible false detection?

NON · 2017-06-05T14:03:23.000Z

Hello,

I got a report in the Japanese forum that Wi-Fi inspector detected router vulnerabilities “CVE-2013-0229” and “CVE-2013-0230”, which seems like false detections because the router in question uses non-vulnerable version of library.
https://forum.avast.com/index.php?topic=203347.0

I also found that Wi-Fi inspector flagged my router as vulnerable for “CVE-2012-5958”, while it didn’t find this a month ago.

My router (PE-500KI) is built in 2014 and updated in 2016, the OP in the Japanese forum uses newer one (Aterm WG1200HS, built in 2015 and updated in 2017). So I don’t think they have years-old vulnerabilities.

Eddy · 2017-06-09T09:33:23.000Z

https://translate.google.nl/translate?hl=en&sl=ja&u=http://www.aterm.jp/support/verup/wg1200hs/fw.html&prev=search

They still haven’t fixed things.

NON · 2017-06-09T11:53:01.000Z

As I stated above WG1200HS uses non-vulnerable version of library according to its manual.
Also, the page you quoted did not say anything about vulnerabilities, it just shows what has changed in latest firmware. There are several releases before the latest one and some of them contains security fixes.

Why I started this topic is I can see sudden increase of similar reports in Japan that suggests these detections might be false.

Eddy · 2017-06-09T14:21:11.000Z

Read the release notes.
There is no mentioning about it being fixed after the CVE was published in any of the firmware updates.

NON · 2017-06-09T17:46:45.000Z

Eddy post:4:

Read the release notes.
There is no mentioning about it being fixed after the CVE was published in any of the firmware updates.

Yes, I read the release notes that why I knew there are other releases that contains other fixes.
If they uses non-vulnerable libraries in the first place, there is no chance the corresponding CVE appears in it, isn’t it?

BTW there are links to other documents that describes what vulnerabilities were fixed in certain updates. Some have CVEs, others not.

Announcements