6 matches found
CVE-2020-7982
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary...
OpenWRT < 18.06.7, 19.x < 19.07.1 Multiple Vulnerabilities
OpenWRT is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Critical RCE Bug Affects Millions of OpenWrt-based Network Devices
A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as...
CVE-2020-7982
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary...
CVE-2020-7982
OpenWrt/OpenWrt-derived builds are affected by CVE-2020-7982. A bug in the opkg package manager fork (before 2020-01-25) misparses embedded checksums in the signed repository index, enabling a man-in-the-middle attacker to inject arbitrary package payloads that are installed without verification....
Security Advisory 2020-01-31-1 - Opkg susceptible to MITM (CVE-2020-7982)
DESCRIPTION A bug in the package list parse logic of OpenWrt's opkg fork caused the package manager to ignore SHA-256 checksums embedded in the signed repository index, effectively bypassing integrity checking of downloaded .ipk artifacts. The bug has been introduced with commit...