Show vulnerabilities with patch / with exploit

Multiple vulnerabilities in OpenWrt/LEDE



Published: 2020-03-25
Severity High
Patch available YES
Number of vulnerabilities 2
CVE ID CVE-2020-7982
CVE-2020-7248
CWE ID CWE-74
CWE-787
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe
OpenWrt
Operating systems & Components / Operating system

LEDE
Operating systems & Components / Operating system

Vendor openwrt.org

Security Advisory

1) Improper Neutralization of Special Elements in Output Used by a Downstream Component

Severity: High

CVSSv3: 8.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-7982

CWE-ID: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Exploit availability: Yes [Search exploit]

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in the OPKG package manager due to the way it performs integrity checking of downloaded packages using the SHA-256 checksums embedded in the signed repository index. A remote attacker can perform a man-in-the-middle attack, inject arbitrary package payloads and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenWrt: 18.06.0, 18.06.1, 18.06.2, 18.06.3, 18.06.4, 18.06.5, 18.06.6, 19.07.0

LEDE: 17.01.0, 17.01.1, 17.01.2, 17.01.3, 17.01.4, 17.01.5, 17.01.6, 17.01.7

CPE External links

https://github.com/openwrt/openwrt/commits/master
https://openwrt.org/advisory/2020-01-31-1
https://thehackernews.com/2020/03/openwrt-rce-vulnerability.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Out-of-bounds write

Severity: High

CVSSv3: 8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-7248

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in libubox library. A remote attacker can provide a specially crafted binary blob or JSON input to "blobmsg_format_json", trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenWrt: 18.06.0, 18.06.1, 18.06.2, 18.06.3, 18.06.4, 18.06.5, 18.06.6, 19.07.0

CPE External links

https://github.com/openwrt/openwrt/commits/master
https://openwrt.org/advisory/2020-01-31-2

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.