Well, at least all this CPE checks in for security updates every night so this should be fixable. Oh wait, no, nevermind, they don't. :-(
This is getting to be the vulnerability of the week club for home gateway devices - quite concerning. JL On 3/14/14, 12:05 PM, "Merike Kaeo" <mer...@doubleshotsecurity.com> wrote: > >On Mar 14, 2014, at 7:06 AM, Stephane Bortzmeyer <bortzme...@nic.fr> >wrote: > >> On Fri, Mar 14, 2014 at 01:59:27PM +0000, >> Nick Hilliard <n...@foobar.org> wrote >> a message of 10 lines which said: >> >>> did you characterise what dns servers / embedded kit were >>> vulnerable? >> >> He said "We have not been able to nail this vulnerability down to a >> single box or manufacturer" so it seems the answer is No. > > > >It is my understanding that many CPEs work off of same reference >implementation(s). I haven't >had any cycles for this but with all the CPE issues out there it would be >interesting to have >a matrix of which CPEs utilize which reference implementation. That may >start giving some clues. > >Has someone / is someone doing this? > >- merike >
