A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic.
Tracked as CVE-2020-7982, the vulnerability resides in the OPKG package manager of OpenWrt that exists in the way it performs integrity checking of downloaded packages using the SHA-256 checksums embedded in the signed repository index.
While an ‘opkg install’ command is invoked on the victim system, the flaw could allow a remote man-in-the-middle attacker in a position to intercept the communication of a targeted device to execute arbitrary code by tricking the system into installing a malicious package or software update without verification.
If exploited successfully, a remote attacker could gain complete control over the targeted OpenWrt network device, and subsequently, over the network traffic it manages.
The three-year-old vulnerability was discovered earlier this year by Guido Vranken from the ForAllSecure software company, who then reported it responsibly to the OpenWrt development team.
In a blog post published today, Vranken explained that when a checksum contains any leading spaces, OPKG on the vulnerable versions of OpenWrt skips checking the integrity of the downloaded package and proceeds to the installation task.
images from Hacker News