A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages.
The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the flaw on December 4, 2024. The issue has been patched in ASU version 920c8a1.
"Due to the combination of the command injection in the imagebuilder image and the truncated SHA-256 hash included in the build request hash, an attacker can pollute the legitimate image by providing a package list that causes the hash collision," the project maintainers said in an alert.
OpenWrt is a popular open-source Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic.
Successful exploitation of the shortcoming could essentially allow a threat actor to inject arbitrary commands into the build process, thereby leading to the production of malicious firmware images signed with the legitimate build key.
Even worse, a 12-character SHA-256 hash collision associated with the build key could be weaponized to serve a previously built malicious image in place of a legitimate one, posing a severe supply chain risk to downstream users.
"An attacker needs the ability to submit build requests containing crafted package lists," OpenWrt noted. "No authentication is required to exploit the vulnerabilities. By injecting commands and causing hash collisions, the attacker can force legitimate build requests to receive a previously generated malicious image."
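To make the two weaknesses concrete from the defender's side, here is an added example (not OpenWrt's or ASU's own code) of a simplified build-request cache: it shows why a 12-hex-character key is within birthday-collision reach while the full digest is not, and how rejecting anything that is not a plain package name removes the command-injection surface. The package-name alphabet and the request format are assumptions for the example.

```python
import hashlib
import json
import math
import re

# Constructed model of a firmware build-request cache, not ASU's own code.
# Assumption: package names use only this opkg-style alphabet.
PACKAGE_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._+-]*$")


def invalid_packages(packages):
    """Return entries that are not plain package names (e.g. contain shell
    metacharacters). Request strings must never reach a shell unchecked."""
    return [p for p in packages if not PACKAGE_NAME_RE.match(p)]


def request_hash(profile, packages, truncate_to=None):
    """SHA-256 over a canonical form of the request. truncate_to=12 models the
    weak 48-bit key; None keeps all 256 bits so distinct requests cannot
    realistically share a cache key."""
    canonical = json.dumps(
        {"profile": profile, "packages": sorted(set(packages))},
        sort_keys=True, separators=(",", ":"),
    )
    digest = hashlib.sha256(canonical.encode()).hexdigest()
    return digest if truncate_to is None else digest[:truncate_to]


def expected_collision_attempts(hex_chars):
    """Birthday bound: about sqrt(pi/2 * 2^bits) random requests before two of
    them share a key of the given hex length."""
    bits = 4 * hex_chars
    return math.sqrt(math.pi / 2 * 2 ** bits)


def cache_key(profile, packages):
    """Validated, full-length key a hardened build service would use."""
    bad = invalid_packages(packages)
    if bad:
        raise ValueError(f"rejected package names: {bad}")
    return request_hash(profile, packages)


if __name__ == "__main__":
    print(f"12 hex chars: ~{expected_collision_attempts(12):.3g} requests to collide")
    print(f"64 hex chars: ~{expected_collision_attempts(64):.3g} requests to collide")
    print(cache_key("ath79/generic", ["luci", "wireguard-tools"]))
```

With 12 hex characters the bound is roughly 2e7 requests, which an unauthenticated client can submit; with the full digest it is about 4e38.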
RyotaK, who provided a technical breakdown of the bug, said it is not known whether the vulnerability was ever exploited in the wild because it has "existed for a while." Users are recommended to update to the latest version as soon as possible to safeguard against potential threats.