OpenWRT code-execution bug puts millions of devices at risk (Ars Technica)
([Security] Apr 1, 2020 15:06 UTC (Wed) (corbet))
Ars Technica [1] reports on the recently disclosed OpenWrt package verification vulnerability. The headline may be a bit overwrought, though. "These code-execution exploits are limited in their scope because adversaries must either be in a position to conduct a man-in-the-middle attack or tamper with the DNS server that a device uses to find the update on the Internet. That means routers on a network that has no malicious users and using a legitimate DNS server are safe from attack." It also assumes that people actually update their routers, which seems unlikely in most cases in the real world.
[1] https://arstechnica.com/information-technology/2020/03/openwrt-is-vulnerable-to-attacks-that-execute-malicious-code/
OpenWRT code-execution bug puts millions of devices at risk (Ars Technica)
So your router is secure as long as your DNS is secure. Hmm