Design/Logic Flaw

2020-03-1622:15:00

PRIOn knowledge base

www.prio-n.com

7.9 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.3%

JSON

An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification).

CPENameOperatorVersion
ledege17.01.0
ledele17.01.7
openwrtge18.06.0
openwrtlt18.06.7
openwrteq19.07.0

Name	Operator	Version
lede	ge	17.01.0
lede	le	17.01.7
openwrt	ge	18.06.0
openwrt	lt	18.06.7
openwrt	eq	19.07.0

References

arstechnica.com/information-technology/2020/03/openwrt-is-vulnerable-to-attacks-that-execute-malicious-code/

blog.forallsecure.com/uncovering-openwrt-remote-code-execution-cve-2020-7982

github.com/openwrt/openwrt/commits/master

openwrt.org/advisory/2020-01-31-1