A security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages.
The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the flaw on December 4, 2024. The issue has been patched in ASU version 920c8a1.
“Due to the combination of the command injection in the imagebuilder image and the truncated SHA-256 hash included in the build request hash, an attacker can pollute the legitimate image by providing a package list that causes the hash collision,” the project maintainers said in an alert.
OpenWrt is a popular open-source Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic.

Successful exploitation of the shortcoming could essentially allow a threat actor to inject arbitrary commands into the build process, thereby leading to the production of malicious firmware images signed with the legitimate build key.
Even worse, a 12-character SHA-256 hash collision associated with the build key could be weaponized to serve a previously built malicious image in the place of a legitimate one, posing a severe supply chain risk to downstream users.
“An attacker needs the ability to submit build requests containing crafted package lists,” OpenWrt noted. “No authentication is required to exploit the vulnerabilities. By injecting commands and causing hash collisions, the attacker can force legitimate build requests to receive a previously generated malicious image.”
RyotaK, who provided a technical breakdown of the bug, said it's not known if the vulnerability was ever exploited in the wild because it has “existed for some time.” Users are recommended to update to the latest version as soon as possible to safeguard against potential threats.
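
An added illustration of the truncated-hash cache weakness described above, not code from OpenWrt or ASU: it keys a build cache on a truncated SHA-256 hex digest, shows two distinct constructed requests sharing a key at a toy 4-character truncation, and contrasts that with a cache that re-checks the stored request on a hit or uses the full digest. The request string format, the BuildCache class and all function names are assumptions for illustration, and a 12-character key is taken to mean 12 hex characters (48 bits).

```python
import hashlib
from itertools import count

def request_key(request, hex_chars=None):
    """Cache key for a build request: SHA-256 hex digest, optionally truncated."""
    digest = hashlib.sha256(request.encode()).hexdigest()
    return digest if hex_chars is None else digest[:hex_chars]

def birthday_work_bits(hex_chars):
    """log2 of the hash count at which two inputs sharing a key becomes likely."""
    return hex_chars * 4 / 2  # 4 bits per hex character, halved by the birthday bound

class BuildCache:
    """Maps request key -> (request, image); verify=True re-checks the request on a hit."""
    def __init__(self, hex_chars=None, verify=False):
        self.hex_chars, self.verify, self.store = hex_chars, verify, {}

    def put(self, request, image):
        # First writer wins, as in a cache that never rebuilds an existing key.
        self.store.setdefault(request_key(request, self.hex_chars), (request, image))

    def get(self, request):
        hit = self.store.get(request_key(request, self.hex_chars))
        if hit is None or (self.verify and hit[0] != request):
            return None  # miss, or key collision detected: rebuild instead of serving
        return hit[1]

def find_toy_collision(hex_chars):
    """Two distinct constructed requests sharing a truncated key (small hex_chars only)."""
    seen = {}
    for i in count():
        req = f"profile=demo;packages=pkg{i}"  # constructed sample input
        key = request_key(req, hex_chars)
        if key in seen:
            return seen[key], req
        seen[key] = req

if __name__ == "__main__":
    a, b = find_toy_collision(4)
    for label, cache in [("truncated", BuildCache(4)),
                         ("truncated+verify", BuildCache(4, verify=True)),
                         ("full digest", BuildCache())]:
        cache.put(a, "image-for-a")
        print(f"{label:17} request b is served: {cache.get(b)}")
    print("12 hex chars -> collision likely near 2^%.0f hashes" % birthday_work_bits(12))
```
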