Category | Details |
---|---|
Threat Actors | Not specifically mentioned; potential threat actors include any malicious entity aiming to exploit CVE-2024-54143. |
Campaign Overview | A security vulnerability in OpenWrt’s Attended Sysupgrade (ASU) feature could be exploited to inject malicious firmware. |
Target Regions (Victims) | OpenWrt users globally, particularly organizations and individuals using OpenWrt on routers and embedded devices. |
Methodology | Exploiting the build process by injecting arbitrary commands into the ASU feature, leveraging a hash collision vulnerability. |
Product Targeted | OpenWrt’s Attended Sysupgrade (ASU) feature. |
Malware Reference | Malicious firmware images generated and signed with legitimate build keys. |
Tools Used | Exploiting build request submissions, package lists, SHA-256 hash collisions. |
Vulnerabilities Exploited | CVE-2024-54143, a command injection and hash collision flaw in OpenWrt’s ASU feature. |
TTPs | ➡ Injecting malicious code into build processes ➡ Exploiting SHA-256 hash collisions ➡ Supply chain attacks targeting firmware distribution. |
Attribution | Discovered by researcher RyotaK (Flatt Security). OpenWrt developers confirmed the flaw’s existence and patch availability. |
Recommendations | ➡ Update to OpenWrt version 920c8a1 or later to mitigate risks. ➡ Ensure prompt patching to prevent exploitation. |
Source | The Hacker News |
Read full article: https://thehackernews.com/2024/12/critical-openwrt-vulnerability-exposes.html
The above summary has been generated by an AI language model