Vulnerabilities > CVE-2020-7982 - Improper Check for Unusual or Exceptional Conditions vulnerability in Openwrt Lede and Openwrt
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 8 | |
OS | 11 |
Common Weakness Enumeration (CWE)
The Hacker News
id | THN:673914B3A75E597A20671F08858EA1FA |
last seen | 2020-03-24 |
modified | 2020-03-24 |
published | 2020-03-24 |
reporter | The Hacker News |
source | https://thehackernews.com/2020/03/openwrt-rce-vulnerability.html |
title | Critical RCE Bug Affects Millions of OpenWrt-based Network Devices |
Related news
References
- https://arstechnica.com/information-technology/2020/03/openwrt-is-vulnerable-to-attacks-that-execute-malicious-code/
- https://arstechnica.com/information-technology/2020/03/openwrt-is-vulnerable-to-attacks-that-execute-malicious-code/
- https://blog.forallsecure.com/uncovering-openwrt-remote-code-execution-cve-2020-7982
- https://blog.forallsecure.com/uncovering-openwrt-remote-code-execution-cve-2020-7982
- https://github.com/openwrt/openwrt/commits/master
- https://github.com/openwrt/openwrt/commits/master
- https://openwrt.org/advisory/2020-01-31-1
- https://openwrt.org/advisory/2020-01-31-1