Critical OpenWrt Flaw Allows Malicious Firmware Injection

Critical OpenWrt Flaw Allows Malicious Firmware Injection

Critical Vulnerability Discovered in OpenWrt’s Attended Sysupgrade Feature: What You Need to Know

A serious security flaw has been identified in OpenWrt’s Attended Sysupgrade (ASU) feature, raising alarms among users and developers alike. This vulnerability, designated as CVE-2024-54143, poses a significant risk by allowing malicious firmware packages to be distributed if exploited. With a critical CVSS score of 9.3 out of 10, this issue demands immediate attention from the OpenWrt community and users of the popular open-source Linux-based operating system.

Overview of the Vulnerability in OpenWrt

The vulnerability impacts the ASU feature of OpenWrt, which is widely used for routers and embedded devices that manage network traffic. Discovered by Flatt Security researcher RyotaK on December 4, 2024, this flaw has serious implications for the integrity of firmware images built using the ASU tool. OpenWrt has since released a patch in version 920c8a1 to address the issue.

How the Flaw Works

  • Command Injection: The vulnerability allows attackers to exploit command injection within the imagebuilder image.
  • SHA-256 Hash Collision: A truncated 12-character SHA-256 hash can be manipulated, leading to the potential replacement of legitimate firmware images with malicious ones.
  • No Authentication Required: Attackers do not need authenticated access to submit crafted build requests, making exploitation easier.

According to OpenWrt maintainers, "An attacker can pollute the legitimate image by providing a package list that causes the hash collision." This scenario poses a severe supply chain risk, as compromised firmware could be signed with a legitimate build key, making it indistinguishable from safe versions.

Recommended Actions for Users

To protect against this threat, users are strongly advised to take the following actions:

  1. Update OpenWrt: Install the latest version (920c8a1) that includes the patch for this vulnerability.
  2. Review Security Protocols: Ensure that all security measures are in place, especially if your device is accessible over the internet.
  3. Monitor for Updates: Stay informed about any further disclosures or patches related to this vulnerability.

Community Response and Further Resources

The OpenWrt community has been actively discussing the implications of this vulnerability. It’s crucial for users to remain vigilant and proactive in securing their devices. For more detailed information about this vulnerability, you can refer to the official CVE database and the OpenWrt security advisory.

Conclusion

The discovery of CVE-2024-54143 highlights the importance of maintaining updated software in embedded and network devices. By promptly addressing this vulnerability, users can safeguard their systems against potential exploitation by malicious actors. For ongoing updates and discussions about OpenWrt and its security, follow us on Twitter and LinkedIn to stay informed.

What are your thoughts on this vulnerability? Have you updated your OpenWrt systems yet? Share your experiences in the comments below or check out related articles for more insights!

Share it

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *