CVE-2020-7982
HIGHOpenWrt 18.06.0-18.06.6, 19.07.0 & LEDE 17.01.0-17.01.7 - RCE via Opkg Checksum Bypass
Title source: llmDescription
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification).
References (4)
Core 4
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/openwrt/openwrt/commits/master
Vendor Advisory x_refsource_confirm
https://openwrt.org/advisory/2020-01-31-1
Exploit, Third Party Advisory x_refsource_misc
https://blog.forallsecure.com/uncovering-openwrt-remote-code-execution-cve-2020-7982
Exploit, Press/Media Coverage, Third Party Advisory x_refsource_misc
https://arstechnica.com/information-technology/2020/03/openwrt-is-vulnerable-to-attacks-that-execute-malicious-code/
Scores
CVSS v3
8.1
EPSS
0.0159
EPSS Percentile
72.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-345
CWE-754
Status
published
Products (3)
openwrt/lede
17.01.0 - 17.01.7
openwrt/openwrt
19.07.0
openwrt/openwrt
18.06.0 - 18.06.7
Published
Mar 16, 2020
Tracked Since
Feb 18, 2026