CyberSecurity updates
2024-12-26 16:14:48 Pacfic
2024-12-26 16:14:48 Pacfic
Critical OpenWrt Firmware Update Vulnerability - 8d
Read more: securityonline.info
ImgSrc: securityonline.info
A critical vulnerability (CVE-2024-54143) in OpenWrt’s Attended SysUpgrade (ASU) server allowed attackers to inject malicious firmware images during updates. The vulnerability exploited a truncated SHA-256 hash collision and a command injection flaw, putting many routers at risk. OpenWrt developers quickly addressed the vulnerability in updated releases. This attack highlights the criticality of securing the firmware update process and the risk of supply chain attacks affecting embedded devices.
ImgSrc: securityonline.info
References:
- Cyber Security News - Information about the OpenWrt supply chain attack that uses a SHA-256 collision and command injection. - 15d
- Malware Analysis, News and Indicators - Details about a critical OpenWrt vulnerability enabling malicious firmware installation. - 15d
- Vulnerability Archives - Report on the vulnerability in OpenWrt's Attended SysUpgrade (ASU) server that allows for firmware poisoning. - 15d
- SOCRadar - Details about the critical vulnerability (CVE-2024-54143) in OpenWrt’s Attended SysUpgrade (ASU) server, allowing attackers to compromise firmware integrity. - 15d
- Over Security - Security researcher RyotaK discovered a vulnerability in OpenWrt's sysupgrade mechanism that allows for command injection. - 15d
- SCM feed for Security Strategy, Plan, Budget - Critical OpenWrt bug enabling malicious firmware image installation addressed - 15d
Classification:
- HashTags: OpenWrt FirmwareVulnerability SupplyChainAttack
- Company: OpenWrt
- Target: OpenWrt users
- Product: OpenWrt
- Feature: Firmware Updates
- Type: Vulnerability
- Severity: Major