Show vulnerabilities with patch / with exploit
25 March 2020

Critical RCE-flaw puts OpenWrt-based network devices at risk of takeover


Critical RCE-flaw puts OpenWrt-based network devices at risk of takeover

OpenWrt developer team has fixed a dangerous vulnerability that allowed an attacker to remotely execute arbitrary code and gain complete control over a targeted device.

OpenWrt (OPEN Wireless RouTer) is an open source project for embedded operating systems based on Linux, primarily used on embedded devices to route network traffic. OpenWrt can run on various types of devices, including CPE routers, residential gateways, smartphones, pocket computers, and laptops.

The bug was assigned the CVE identifier CVE-2020-7982. The vulnerability in the package list parse logic of OpenWrt's opkg fork caused the package manager to ignore SHA-256 checksums embedded in the signed repository index, effectively bypassing integrity checking of downloaded .ipk artifacts.

In order to exploit this flaw, an attacker must either be in a position to intercept and replace communication between the device and downloads.openwrt.org, or control the DNS server used by the device to make downloads.openwrt.org point to a web server under the attacker’s control.

“Due to the fact that opkg on OpenWrt runs as root and has write access to the entire filesystem, arbitrary code could be injected by the means of forged .ipk packages with malicious payload,” OpenWrt team explained.

The CVE-2020-7982 vulnerability affects OpenWrt versions 18.06.0 to 18.06.6 and 19.07.0 as well as LEDE 17.01.0 to 17.01.7. The fixed packages are integrated in the OpenWrt 18.06.7, OpenWrt 19.07.1 and subsequent releases. The older OpenWrt versions (e.g. OpenWrt 15.05 and LEDE 17.01) will not receive a fix as they are not supported any more.

Back to the list

Latest Posts

Vulnerability summary for the week: March 27, 2020

Vulnerability summary for the week: March 27, 2020

Weekly vulnerability digest.
27 March 2020
Unpatched iOS bug prevents VPN apps from encrypting all traffic

Unpatched iOS bug prevents VPN apps from encrypting all traffic

Affected versions of iOS fail to close existing internet connections when a user connects to a VPN.
27 March 2020
Rare BadUSB attack detected in the wild

Rare BadUSB attack detected in the wild

This case is a perfect example of how simple social engineering, a Best Buy gift card, and an BadUSB device could be used to compromise a company.
27 March 2020