Meraki Go affected by DNSpooq?

olavrb
Getting noticed

Meraki Go affected by DNSpooq?

9 REPLIES 9
olavrb
Getting noticed

Lee
Meraki Go Team
Meraki Go Team

We're confirming and will get back to you

olavrb
Getting noticed

@Lee 

Consumer options like Google Wifi (https://support.google.com/googlenest/thread/94543997?hl=en) and Asus (https://www.snbforums.com/threads/69274/) have managed to answer their customers regarding DNSpooq within reasonable time. But users of Meraki Go still don't even know whether they're affected or not. Time to show us whether Meraki Go is a option to consider for both for home users and small businesses.

hidden0
Meraki Alumni (Retired)
Meraki Alumni (Retired)

Hello @olavrb,

 

I can appreciate your concern. We're working diligently to confirm this information, please stay tuned and an update will be provided as soon as possible.

hidden0
Meraki Alumni (Retired)
Meraki Alumni (Retired)

Hello @olavrb 

 

I appreciate your patience as we completed our entire investigation regarding DNSpooq. Please see the updated PSIRT advisory for the full details.

 

As of this time, Meraki Go software is indeed vulnerable to DNSpooq per the advisory. Our developers are hard at work on a fix, which is estimated to be delivered in August of this year.

 

The result of this scenario has led to positive outcomes, though, as we will be sure to display the running firmware on the Meraki Go hardware in the app in the next release. In addition, our team has also prepared in advance to schedule upgrades as soon as the software update is available to resolve the matter.

 

Thank you for spreading awareness and helping the Go community.

olavrb
Getting noticed

Hi @hidden0,

 

Thanks for confirmation. ETA august 2021 is not very impressive, I must say.

 

Also, I can't find any Meraki Go product in the list of known vulnerable products in the PSIRT advisory. I've looked for (CTRL+F) "Meraki Go", "GR60", "GS110", "GR10", "GX20".

hidden0
Meraki Alumni (Retired)
Meraki Alumni (Retired)

In terms of dnsmasq, the Go platform will update its software in lieu of the MR platform as listed on the PSIRT advisory.

 

I understand that remains unclear as of today. However, for the purposes of this vulnerability, the firmware release version for the MR will be applicable to the GR platform. An upcoming release will reveal firmware versions in the app, thus helping close the gap and ensure (once available) the patch is installed successfully on any devices.

olavrb
Getting noticed

Is this patched now?

hidden0
Meraki Alumni (Retired)
Meraki Alumni (Retired)

Hi @olavrb 

 

I see it is still not listed as fixed on the aforementioned websites, but I do believe a patch has been released and made available for the GR for version 27.7 and beyond. I will work to ensure this information is distributed accordingly, as well as circle back here if I find that this is not the case.

 

Most of our users are on 27.7 firmware, but if you have yet to be upgraded our support team would be more than happy to help. You can get in touch by opening a support case in the mobile app.