Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

Category	Details
Threat Actors	Not specifically mentioned; potential threat actors include any malicious entity aiming to exploit CVE-2024-54143.
Campaign Overview	A security vulnerability in OpenWrt’s Attended Sysupgrade (ASU) feature could be exploited to inject malicious firmware.
Target Regions (Victims)	OpenWrt users globally, particularly organizations and individuals using OpenWrt on routers and embedded devices.
Methodology	Exploiting the build process by injecting arbitrary commands into the ASU feature, leveraging a hash collision vulnerability.
Product Targeted	OpenWrt’s Attended Sysupgrade (ASU) feature.
Malware Reference	Malicious firmware images generated and signed with legitimate build keys.
Tools Used	Exploiting build request submissions, package lists, SHA-256 hash collisions.
Vulnerabilities Exploited	CVE-2024-54143, a command injection and hash collision flaw in OpenWrt’s ASU feature.
TTPs	➡ Injecting malicious code into build processes ➡ Exploiting SHA-256 hash collisions ➡ Supply chain attacks targeting firmware distribution.
Attribution	Discovered by researcher RyotaK (Flatt Security). OpenWrt developers confirmed the flaw’s existence and patch availability.
Recommendations	➡ Update to OpenWrt version 920c8a1 or later to mitigate risks. ➡ Ensure prompt patching to prevent exploitation.
Source	The Hackers News

Read full article: https://thehackernews.com/2024/12/critical-openwrt-vulnerability-exposes.html

The above summary has been generated by an AI language model