Millions of routers running OpenWRT vulnerable to attack


Aug 3, 2004

"A vulnerability (CVE-2020-7982) discovered in the package manager of the OpenWRT open source operating system could allow attackers to compromise the embedded and networking devices running it."

CVE-2020-7982 is a bug in OpenWRT’s OPKG package manager that may allow attackers to bypass the integrity checking of downloaded .ipk packages.

“Due to the fact that opkg on OpenWRT runs as root and has write access to the entire filesystem, arbitrary code could be injected by the means of forged .ipk packages with malicious payload,” the maintainers explained.

More information about the flaw can be found in this blog post by researcher Guido Vranken, working for ForAllSecure, who discovered and reported it.

But, in short:

  • The attacker must either intercept and replace communication between the vulnerable device and the download web server or be able to change the device’s DNS settings to make it point to a web server controlled by the attacker, and
  • Make sure that the forged, malicious package is the same size as the legitimate package (as specified in the repository index).
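
The size listed in the repository index describes a package's length, not its contents, so a same-size replacement passes a size-only check. The following Python check is an added example, not code from the original article or from the OpenWRT project: it verifies a downloaded .ipk against both the `Size` and `SHA256sum` fields of its index entry and fails closed when the hash is missing. The index stanza, package name and payloads are constructed, the helper names `parse_index` and `verify_package` are hypothetical, and the index itself is assumed to have been authenticated already.

```python
import hashlib

# Constructed sample stanza in the style of an opkg "Packages" index
# (package name, size and hash are made up for this example).
LEGIT_PAYLOAD = b"legitimate package bytes"   # stands in for the real .ipk
SAMPLE_INDEX = (
    "Package: example-pkg\n"
    "Version: 1.0-1\n"
    "Filename: example-pkg_1.0-1_all.ipk\n"
    f"Size: {len(LEGIT_PAYLOAD)}\n"
    f"SHA256sum: {hashlib.sha256(LEGIT_PAYLOAD).hexdigest()}\n"
    "\n"
)

def parse_index(text):
    """Return {package name: {field: value}} from blank-line separated stanzas."""
    packages = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t") or ":" not in line:
                continue  # continuation line (e.g. multi-line Description)
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if "Package" in fields:
            packages[fields["Package"]] = fields
    return packages

def verify_package(data, entry):
    """Check downloaded bytes against the index entry; fail closed."""
    problems = []
    digest = entry.get("SHA256sum", "").lower()
    if not entry.get("Size", "").isdigit() or len(data) != int(entry["Size"]):
        problems.append("size mismatch")
    if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
        problems.append("index entry has no usable SHA256sum")
    elif hashlib.sha256(data).hexdigest() != digest:
        problems.append("sha256 mismatch")
    return problems

entry = parse_index(SAMPLE_INDEX)["example-pkg"]
forged = b"X" * len(LEGIT_PAYLOAD)  # constructed: same size, different content
print("legitimate:", verify_package(LEGIT_PAYLOAD, entry))
print("same-size replacement:", verify_package(forged, entry))
```

An empty list means the file matches the index entry; any other result should block installation.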