Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

| Category | Details |
| --- | --- |
| Threat Actors | Not specifically mentioned; potential threat actors include any malicious entity aiming to exploit CVE-2024-54143. |
| Campaign Overview | A security vulnerability in OpenWrt's Attended Sysupgrade (ASU) feature could be exploited to inject malicious firmware. |
| Target Regions (Victims) | OpenWrt users globally, particularly organizations and individuals using OpenWrt on routers and embedded devices. |
| Methodology | Exploiting the build process by injecting arbitrary commands into the ASU feature, leveraging a hash collision vulnerability. |
| Product Targeted | OpenWrt's Attended Sysupgrade (ASU) feature. |
| Malware Reference | Malicious firmware images generated and signed with legitimate build keys. |
| Tools Used | Exploiting build request submissions, package lists, SHA-256 hash collisions. |
| Vulnerabilities Exploited | CVE-2024-54143, a command injection and hash collision flaw in OpenWrt's ASU feature. |
| TTPs | ➡ Injecting malicious code into build processes ➡ Exploiting SHA-256 hash collisions ➡ Supply chain attacks targeting firmware distribution. |
| Attribution | Discovered by researcher RyotaK (Flatt Security). OpenWrt developers confirmed the flaw's existence and patch availability. |
| Recommendations | ➡ Update to OpenWrt version 920c8a1 or later to mitigate risks. ➡ Ensure prompt patching to prevent exploitation. |
| Source | The Hacker News |

Read full article: https://thehackernews.com/2024/12/critical-openwrt-vulnerability-exposes.html

The above summary has been generated by an AI language model

Source: The Hacker News

Published on: December 13, 2024
