Major Security Flaw in OpenWrt Allows Hackers to Deploy Malicious Firmware: Are You Protected?

2024-12-09

Author: Sarah

A newly discovered vulnerability in OpenWrt's Attended Sysupgrade feature has raised significant concerns about the security of custom firmware for embedded devices, particularly routers and Internet of Things (IoT) hardware. This flaw could let hackers push harmful firmware packages to unsuspecting users.

OpenWrt, a popular open-source, Linux-based operating system, is widely used for various network devices and is favored over manufacturer-provided firmware due to its extensive customization options and advanced features. It supports a broad range of devices from brands such as ASUS, D-Link, and Zyxel, effectively revamping their functionality and performance.

The flaw, identified as CVE-2024-54143 and given a high severity score of 9.3 on the CVSS v4 scale, was uncovered by security researcher RyotaK from Flatt Security while conducting routine updates in a personal lab. The critical nature of this exploit raised immediate flags, prompting swift action from the OpenWrt development team.

The Flaw Unveiled: Command Injection and Hash Truncation

The vulnerability arises from insecure handling of user input in the sysupgrade.openwrt.org service: package names supplied by the user are passed to the 'make' command, which allows command injection. A secondary issue stems from the use of a truncated SHA-256 hash as the cache key for firmware builds, which significantly reduces its resistance to brute-force attacks.

RyotaK demonstrated the combined vulnerability, using a powerful RTX 4090 graphics card and the Hashcat tool to show how attackers could modify legitimate firmware to deliver malicious updates to users' devices. This poses a serious risk to the integrity and security of devices that rely on OpenWrt for their operating firmware.
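The two weaknesses described above map to two server-side checks, sketched here as an added example; this is not OpenWrt's code or its actual fix. The allowlist patterns, function names, and sample request are assumptions, and the truncation length is left as a parameter.

```python
import hashlib
import json
import re

# Assumption: conservative allowlists; a leading "-" on a package asks for its removal.
# They also exclude "$" and parentheses, which make would expand in a variable value.
PACKAGE_RE = re.compile(r"-?[A-Za-z0-9][A-Za-z0-9._+-]*")
PROFILE_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._,-]*")


def validate_request(profile, packages):
    """Return (profile, sorted unique packages) or raise ValueError."""
    if not isinstance(profile, str) or not PROFILE_RE.fullmatch(profile):
        raise ValueError(f"rejected profile: {profile!r}")
    bad = [p for p in packages
           if not isinstance(p, str) or not PACKAGE_RE.fullmatch(p)]
    if bad:
        raise ValueError(f"rejected package names: {bad!r}")
    return profile, sorted(set(packages))


def cache_key(profile, packages):
    """Full 256-bit SHA-256 over a canonical encoding of the validated request."""
    profile, packages = validate_request(profile, packages)
    canonical = json.dumps({"profile": profile, "packages": packages},
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def build_argv(profile, packages):
    """Argument vector for subprocess.run(argv, shell=False): no shell parses it."""
    profile, packages = validate_request(profile, packages)
    return ["make", "image", f"PROFILE={profile}",
            "PACKAGES=" + " ".join(packages)]


def keyspace(hex_chars):
    """Number of distinct keys when a hex digest is cut to hex_chars characters."""
    return 16 ** hex_chars


if __name__ == "__main__":
    # Constructed sample request, not taken from the page.
    pkgs = ["luci", "-dnsmasq", "luci"]
    print(build_argv("generic", pkgs))
    print(cache_key("generic", pkgs))
    for bad in ["luci; true", "$(true)", "a b", "luci\n"]:
        try:
            validate_request("generic", [bad])
        except ValueError as exc:
            print(exc)
    print(keyspace(64) // keyspace(16))  # 16 is an arbitrary truncation length
```

Validation runs before both the cache lookup and the build, so a rejected request never produces a cache key or a command line.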

Rapid Response from OpenWrt Team

Upon disclosure of this flaw, the OpenWrt team acted quickly, taking the sysupgrade.openwrt.org service offline for a thorough review, implementing necessary fixes, and restoring it just three hours later. Fortunately, they found no evidence of active exploitation or malicious requests impacting recent firmware builds. However, due to their limited visibility, they strongly recommend that all users check for the latest firmware and perform upgrades as a precaution.

Protect Yourself: Upgrade Now!

While the OpenWrt team asserts that the likelihood of compromised images is minimal, the potential consequences of this vulnerability make it crucial for all OpenWrt users to take proactive measures. They advise performing an in-place upgrade to eliminate any risks associated with potentially insecure firmware images.

As cybersecurity threats continue to evolve, staying informed and responding swiftly to vulnerabilities is essential. Users of OpenWrt and other programmable embedded systems must remain vigilant to safeguard their networks from malicious attacks. If you operate a public instance of the Attended Sysupgrade feature, it is imperative that you update immediately to ensure your setup remains secure.

In an age where digital security is increasingly paramount, taking these precautionary steps could mean the difference between a secure network and a compromised one. Protect your devices today!