Vulnerabilities > CVE-2020-7982 - Improper Check for Unusual or Exceptional Conditions vulnerability in Openwrt Lede and Openwrt

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

openwrt

CWE-754

NVD

Published: 2020-03-16

Updated: 2023-05-24

Summary

An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification).

Vulnerable Configurations

Part	Description	Count
Application	Openwrt Openwrt Lede 17.01.0 Openwrt Lede 17.01.1 Openwrt Lede 17.01.2 Openwrt Lede 17.01.3 Openwrt Lede 17.01.4 Openwrt Lede 17.01.5 Openwrt Lede 17.01.6 Openwrt Lede 17.01.7	8
OS	Openwrt Openwrt Openwrt 18.06.0 Openwrt Openwrt 18.06.1 Openwrt Openwrt 18.06.2 Openwrt Openwrt 18.06.3 Openwrt Openwrt 18.06.4 Openwrt Openwrt 18.06.5 Openwrt Openwrt 18.06.6 Openwrt Openwrt 19.07.0	11

Common Weakness Enumeration (CWE)

CWE-754 - Improper Check for Unusual or Exceptional Conditions

The Hacker News

id	THN:673914B3A75E597A20671F08858EA1FA
last seen	2020-03-24
modified	2020-03-24
published	2020-03-24
reporter	The Hacker News
source	https://thehackernews.com/2020/03/openwrt-rce-vulnerability.html
title	Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

Vulnerabilities > CVE-2020-7982 - Improper Check for Unusual or Exceptional Conditions vulnerability in Openwrt Lede and Openwrt

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

The Hacker News

Related news

References