Remote code execution vulnerability in OpenWrt (Linux) affects millions of network devices

A security researcher has reported a remote code execution vulnerability in the package manager (opkg) of the OpenWrt operating system. An attacker positioned between an affected device and its package repository can use it to deliver attacker-controlled packages that the device installs without detecting the substitution.

OpenWrt is a Linux-based operating system for embedded devices, most commonly home, small-office and industrial network routers. It is deployed by companies across multiple industrial sectors around the world, both directly and as the base of vendor firmware.

A code change in opkg intended to address an earlier issue broke the parsing of the SHA-256 checksums embedded in the signed repository index. Because the SHA256sum field was never read, the hash of a downloaded .ipk package was never compared against it, and the integrity check that the signed index was supposed to provide for individual packages was silently skipped.

To exploit the vulnerability, an attacker must serve malicious packages from a web server they control and intercept the traffic between the device and downloads.openwrt.org (a man-in-the-middle position on the network path). Failing that, the attacker could take control of the DNS server the target device uses and point the name downloads.openwrt.org at the malicious web server.

The impact is severe because opkg on OpenWrt runs as root and has write access to the entire filesystem: a forged .ipk package can drop arbitrary files anywhere on the device, and its install scripts (preinst/postinst) run with root privileges, which gives the attacker remote arbitrary code execution.

Completing the attack requires the man-in-the-middle to serve a valid, signed package index (for example, a genuine one obtained from downloads.openwrt.org, since the index signature is still verified) together with one or more forged .ipk packages whose size matches the Size recorded in that index, at the moment an 'opkg install' command is invoked on the victim's system. The size check was the only integrity check left, so the attacker has to pad the malicious package to exactly the expected length.
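The following is an added example, not code from the article or from the OpenWrt project: a Python model of how opkg checked a downloaded .ipk against the signed Packages index before and after the fix for CVE-2020-7982. The index text and package bytes are constructed for the demonstration; the field names (Package, Filename, Size, SHA256sum) are the ones OpenWrt's Packages index actually uses. The vulnerable check models the affected releases, where the SHA256sum field was never compared, and the fixed check models the behaviour after the patch.

```python
"""Model of opkg package verification before and after the CVE-2020-7982 fix.

Added example; the index stanza and the package bytes below are constructed
for the demonstration, not taken from a real OpenWrt repository.
"""
import hashlib

# Constructed stand-in for a legitimate .ipk as served by downloads.openwrt.org.
LEGIT_IPK = b"\x1f\x8b" + b"legitimate package payload" * 4


def build_signed_index(name: str, data: bytes) -> str:
    """Build a one-package Packages stanza with the real Size and SHA256sum.

    On OpenWrt this index is signed (usign) and the signature is verified, so an
    attacker cannot simply rewrite the hash: they must replay a genuine index.
    """
    return (
        f"Package: {name}\n"
        f"Version: 1.0-1\n"
        f"Filename: {name}_1.0-1_mips_24kc.ipk\n"
        f"Size: {len(data)}\n"
        f"SHA256sum: {hashlib.sha256(data).hexdigest()}\n"
        "\n"
    )


def parse_index(text: str) -> dict:
    """Parse 'Field: value' stanzas into {package name: {field: value}}."""
    packages = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        packages[fields["Package"]] = fields
    return packages


def verify_vulnerable(entry: dict, data: bytes) -> bool:
    """Models opkg in OpenWrt 18.06.0-18.06.6 and 19.07.0: the SHA256sum from
    the signed index was never compared, so only the Size check remained."""
    return len(data) == int(entry["Size"])


def verify_fixed(entry: dict, data: bytes) -> bool:
    """Models opkg after the fix: Size and SHA-256 must both match the index."""
    if len(data) != int(entry["Size"]):
        return False
    return hashlib.sha256(data).hexdigest() == entry["SHA256sum"]


def forge_same_size(payload: bytes, size: int) -> bytes:
    """What the man-in-the-middle has to do: deliver a malicious .ipk whose length
    equals the Size recorded in the genuine signed index. Real attackers pad a
    file inside a valid archive; zero padding is enough to show the size check."""
    if len(payload) > size:
        raise ValueError("payload larger than the Size in the index")
    return payload + b"\0" * (size - len(payload))


INDEX = parse_index(build_signed_index("example", LEGIT_IPK))
ENTRY = INDEX["example"]
# Constructed malicious package, padded to the Size of the legitimate one.
FORGED_IPK = forge_same_size(b"#!/bin/sh\nmalicious postinst here\n", len(LEGIT_IPK))

if __name__ == "__main__":
    for label, data in (("legitimate", LEGIT_IPK), ("forged", FORGED_IPK)):
        print(f"{label:>10}: vulnerable={verify_vulnerable(ENTRY, data)} "
              f"fixed={verify_fixed(ENTRY, data)}")
```

Running the block shows the forged package passing the vulnerable check (the sizes match) and failing the fixed one (the SHA-256 does not). The point to take from it is that signing the index only helps if every field the signature covers is actually used: the signature was still verified on the affected releases, but the one field that bound the index to the package contents was ignored.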

The vulnerability is tracked as CVE-2020-7982 and affects OpenWrt 18.06.0 through 18.06.6 and 19.07.0; it is fixed in OpenWrt 18.06.7 and 19.07.1 and in the updated opkg package. Administrators of affected deployments should install the updates as soon as possible. Because the fix lives in opkg itself, an upgrade performed over an untrusted network is exposed to the same attack: the downloaded opkg .ipk should have its SHA-256 hash checked by hand against the SHA256sum in the signed index before it is installed.

The International Institute of Cyber Security (IICS) recommends checking the official platforms of the distribution's developers to download the corresponding updates and to find more details about this flaw.