Critical OpenWrt Vulnerability Allowed Remote Code Execution On Target Devices


A serious vulnerability was reported in OpenWrt, a Linux-based operating system. This critical vulnerability allowed remote code execution on a target OpenWrt device.

OpenWrt RCE Vulnerability

Security researcher Guido Vranken has disclosed a serious security flaw affecting OpenWrt-based devices. If exploited, the vulnerability could allow an attacker to take complete control of the target OpenWrt-based device.

Describing his findings in a blog post, the researcher stated that this critical vulnerability (CVE-2020-7982) existed for about three years.

The bug specifically affected the OPKG utility of the OpenWrt system. Under normal conditions, OPKG retrieves digitally signed package lists before installation. However, due to a bug in checksum_hex2bin, OPKG could not recognize malicious packages and would proceed with installation. Thus, an attacker could simply conduct a MiTM attack to serve maliciously crafted signed packages from the web server.

“The attacker must either be in a position to intercept and replace communication between the device and downloads.openwrt.org, or control the DNS server used by the device to make downloads.openwrt.org point to a web server controlled by the attacker.”

Further technical details are available in the researcher’s blog post.

Patch Released – Update Now

Acknowledging the existence of the vulnerability CVE-2020-7982, OpenWrt has shared an advisory. Describing the flaw, the advisory reads,

A bug in the package list parse logic of OpenWrt’s opkg fork caused the package manager to ignore SHA-256 checksums embedded in the signed repository index, effectively bypassing integrity checking of downloaded .ipk artifacts.

Since OPKG executes with root privileges on OpenWrt, arbitrary code execution became possible simply by injecting forged .ipk packages with malicious payloads.

The bug affected OpenWrt versions 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. Patches are available in OpenWrt 18.06.7 and OpenWrt 19.07.1. Users of affected devices should update their systems to the patched versions.

The OpenWrt advisory also lists other ways to mitigate the vulnerability.
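
The integrity check that the advisory describes as bypassed can be sketched as a fail-closed verifier. This is an added example, not code from OpenWrt, opkg or the researcher; the function names and sample data are constructed, and it assumes the index text has already passed signature verification.

```python
import hashlib
import hmac
import re

HEX64 = re.compile(r"[0-9a-fA-F]{64}")

def parse_index(text):
    """Parse an opkg-style Packages index into {Filename: fields}."""
    entries = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t"):      # continuation of a multi-line field
                continue
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "Filename" in fields:
            entries[fields["Filename"]] = fields
    return entries

def verify_package(index_text, filename, data):
    """Return (ok, reason); ok is True only on an exact SHA-256 match."""
    entry = parse_index(index_text).get(filename)
    if entry is None:
        return False, "not listed in index"
    expected = entry.get("SHA256sum", "")
    # Fail closed: an absent or unparseable checksum is a rejection,
    # never a reason to skip the comparison.
    if not HEX64.fullmatch(expected):
        return False, "checksum missing or malformed"
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, expected.lower()):
        return False, "checksum mismatch"
    return True, "ok"

# Constructed sample data (not real OpenWrt packages or index entries).
GOOD_PKG = b"constructed .ipk bytes"
FORGED_PKG = b"constructed forged .ipk bytes"
SAMPLE_INDEX = (
    "Package: demo\nVersion: 1.0\nFilename: demo_1.0_all.ipk\n"
    f"SHA256sum:   {hashlib.sha256(GOOD_PKG).hexdigest()}\n"
    "\n"
    "Package: nosum\nVersion: 1.0\nFilename: nosum_1.0_all.ipk\n"
)

if __name__ == "__main__":
    for name, blob in [("demo_1.0_all.ipk", GOOD_PKG), ("demo_1.0_all.ipk", FORGED_PKG),
                       ("nosum_1.0_all.ipk", GOOD_PKG)]:
        print(name, verify_package(SAMPLE_INDEX, name, blob))
```

The entry without a SHA256sum field is rejected rather than installed unverified, which is the behaviour the vulnerable parser failed to provide.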

Let us know your thoughts in the comments.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
