A security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages.
The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the flaw on December 4, 2024. The issue has been patched in ASU version 920c8a1.
“Due to the combination of the command injection in the imagebuilder image and the truncated SHA-256 hash included in the build request hash, an attacker can pollute the legitimate image by providing a package list that causes the hash collision,” the project maintainers said in an alert.
OpenWrt is a popular open-source Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic.
Successful exploitation of the shortcoming could essentially allow a threat actor to inject arbitrary commands into the build process, thereby leading to the production of malicious firmware images signed with the legitimate build key.
Even worse, a 12-character SHA-256 hash collision associated with the build key could be weaponized to serve a previously built malicious image in the place of a legitimate one, posing a severe supply chain risk to downstream users.
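Why the truncation matters for anyone keying a build cache on a hash, as an added Python example that is not OpenWrt's code or part of the original article: it compares a truncated SHA-256 cache key with the full digest and shows two different package lists sharing a truncated key. The `request_key` helper, the package names and the reading of "12-character" as 12 hex characters are assumptions, and the search runs on a 6-character truncation so it finishes in well under a second.

```python
import hashlib
import math

def request_key(packages, hex_chars=None):
    """Hypothetical cache key: SHA-256 over the sorted package list.
    hex_chars=None keeps the full 64-character digest."""
    data = "\n".join(sorted(packages)).encode()
    digest = hashlib.sha256(data).hexdigest()
    return digest if hex_chars is None else digest[:hex_chars]

def expected_birthday_work(hex_chars):
    """Approximate number of random requests before any two keys collide
    (birthday bound) when only hex_chars hex digits are kept."""
    bits = 4 * hex_chars
    return math.sqrt(math.pi / 2 * 2 ** bits)

def find_truncated_collision(hex_chars, limit=1_000_000):
    """Return (list_a, list_b, tries) for two constructed package lists
    whose truncated keys match, or None if none is found within limit."""
    seen = {}
    for i in range(limit):
        pkgs = ["base-files", f"constructed-pkg-{i}"]  # constructed names
        key = request_key(pkgs, hex_chars)
        if key in seen:
            return seen[key], pkgs, i + 1
        seen[key] = pkgs
    return None

if __name__ == "__main__":
    for n in (6, 12, 64):
        print(f"{n:>2} hex chars: ~{expected_birthday_work(n):.3g} "
              "requests until a collision is expected")
    a, b, tries = find_truncated_collision(6)
    print(f"after {tries} requests these lists share a 6-char key:")
    print("  ", a, request_key(a, 6))
    print("  ", b, request_key(b, 6))
    # With the full digest as the cache key the two requests stay distinct.
    print("full digests differ:", request_key(a) != request_key(b))
```

A cache that serves a stored artifact by key should compare the full digest, so that two different requests can never resolve to the same stored image.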
“An attacker needs the ability to submit build requests containing crafted package lists,” OpenWrt noted. “No authentication is required to exploit the vulnerabilities. By injecting commands and causing hash collisions, the attacker can force legitimate build requests to receive a previously generated malicious image.”
RyotaK, who provided a technical breakdown of the bug, said it isn’t known if the vulnerability was ever exploited in the wild because it has “existed for some time.” Users are recommended to update to the latest version as soon as possible to safeguard against potential threats.