Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:59 a.m.16 views

CVE-2020-7982

An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary...

8.1CVSS6.8AI score0.01588EPSS
Exploits3References1
OpenVAS
OpenVAS
added 2022/08/23 12:0 a.m.17 views

OpenWRT < 18.06.7, 19.x < 19.07.1 Multiple Vulnerabilities

OpenWRT is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1CVSS7.9AI score0.02486EPSS
Exploits3References2
The Hacker News
The Hacker News
added 2020/03/24 8:6 p.m.80 views

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as...

8.1CVSS0.6AI score0.01588EPSS
Exploits3
OSV
OSV
added 2020/03/16 10:15 p.m.26 views

CVE-2020-7982

An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary...

8.1CVSS6.8AI score0.01588EPSS
Exploits3References4
CVE
CVE
added 2020/03/16 9:5 p.m.89 views

CVE-2020-7982

OpenWrt/OpenWrt-derived builds are affected by CVE-2020-7982. A bug in the opkg package manager fork (before 2020-01-25) misparses embedded checksums in the signed repository index, enabling a man-in-the-middle attacker to inject arbitrary package payloads that are installed without verification....

8.1CVSS7.9AI score0.01588EPSS
Exploits3References4Affected Software2
OpenWrt
OpenWrt
added 2020/01/31 12:0 a.m.43 views

Security Advisory 2020-01-31-1 - Opkg susceptible to MITM (CVE-2020-7982)

DESCRIPTION A bug in the package list parse logic of OpenWrt's opkg fork caused the package manager to ignore SHA-256 checksums embedded in the signed repository index, effectively bypassing integrity checking of downloaded .ipk artifacts. The bug has been introduced with commit...

8.1CVSS8.5AI score0.01588EPSS
Exploits3
Rows per page
Query Builder