OpenWrt Vulnerability

An RCE vulnerability has recently been discovered that affects OpenWrt, a widely used Linux-based operating system for routers and other network traffic routing equipment.
This defect, tracked as CVE-2020-7982 with a CVSS 3.x severity score of 8.1, was found in OPKG, the package manager of the OpenWrt operating system.
When the opkg install command is run on the victim system, this vulnerability could allow a MITM[1] attacker to disconnect the target device by tricking the system into installing a malicious package or unapproved software update, and to execute arbitrary code remotely.
If successfully exploited, a remote attacker can gain complete control over the target device and subsequently the network traffic it manages. Specifically, when a checksum contains any leading white space[2], OPKG in vulnerable versions of OpenWrt skips checking the validity of downloaded packages and installs the program.

Since opkg in OpenWrt runs as root and has access to the entire filesystem, arbitrary code can be injected using fake .ipk packages with a malicious payload.
Remote exploitation of this vulnerability is possible because authentication in Linux-based software installation mechanisms relies on digitally signed files, while the files themselves are downloaded over an insecure HTTP connection. Additionally, to exploit the vulnerability, attackers would also need to provide a malicious package with a size equal to that specified in the downloads.openwrt.org package list.
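
The fail-closed check that the description above calls for, as an added example (it is not opkg's code or the OpenWrt fix): it audits a Packages-style index for padded or malformed SHA256sum values and accepts a package only when both its size and its hash match. The index text, package names and payload are constructed sample data.

```python
import hashlib
import re

HEX64 = re.compile(r"[0-9a-f]{64}")
PAYLOAD = b"constructed package bytes"            # stand-in for a downloaded .ipk
GOOD = hashlib.sha256(PAYLOAD).hexdigest()
# Constructed index: the second entry has an extra space before the checksum.
SAMPLE_INDEX = (
    f"Package: demo-ok\nSize: {len(PAYLOAD)}\nSHA256sum: {GOOD}\n\n"
    f"Package: demo-padded\nSize: {len(PAYLOAD)}\nSHA256sum:  {GOOD}\n"
)

def parse_index(text):
    """Split a Packages-style index into one {field: raw value} dict per stanza."""
    entries = []
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            if line[:1].isspace():                # continuation line, not a field
                continue
            key, sep, value = line.partition(":")
            if sep:
                # Drop only the single separator space so extra padding stays visible.
                fields[key] = value[1:] if value.startswith(" ") else value
        entries.append(fields)
    return entries

def checksum_problem(raw):
    """Return None for a well-formed SHA256sum value, else the reason to reject it."""
    if raw is None:
        return "missing"
    if raw != raw.strip():
        return "surrounding whitespace"
    if not HEX64.fullmatch(raw.lower()):
        return "not 64 hex digits"
    return None

def verify_package(fields, data):
    """Fail closed: a malformed field or any mismatch rejects the package."""
    if checksum_problem(fields.get("SHA256sum")) is not None:
        return False
    size = fields.get("Size", "")
    if not size.isdigit() or int(size) != len(data):
        return False
    return hashlib.sha256(data).hexdigest() == fields["SHA256sum"].lower()

def audit_index(text):
    """Map package name -> reason, for every entry whose checksum is malformed."""
    findings = {}
    for fields in parse_index(text):
        problem = checksum_problem(fields.get("SHA256sum"))
        if problem is not None:
            findings[fields.get("Package", "?")] = problem
    return findings
```

A checksum field that cannot be parsed is treated as a failed verification, never as "no checksum to verify".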

Vulnerable versions of OpenWrt:
According to the project team, versions 18.06.0 to 18.06.6 and 19.07.0 are affected, as well as LEDE 17.01.0 to 17.01.7.

Solution:
To fix this issue, affected users are advised to upgrade their device’s OS to the latest OpenWrt versions 18.06.7 and 19.07.1 released last month.

[1] man-in-the-middle

[2] Leading space

Narrated by: Cert.ir
