Ars: OpenWRT code-execution bug puts millions of devices at risk

Thread starter Dan Goodin
Start date Mar 31, 2020

Dan Goodin

Guest

Mar 31, 2020

Enlarge (credit: OpenWRT)
For almost three years, OpenWRT—the open source operating system that powers home routers and other types of embedded systems—has been vulnerable to remote code-execution attacks because updates were delivered over an unencrypted channel and digital signature verifications are easy to bypass, a researcher said.

These code-execution exploits are limited in their scope because adversaries must either be in a position to conduct a man-in-the-middle attack or tamper with the DNS server that a device uses to find the update on the Internet.

Continue reading on Ars Technica

Last edited by a moderator: Apr 1, 2020

You must log in or register to reply here.

Email Link

Latest threads

D
Support for RT-BE58U?
- Started by dwp
- Yesterday at 9:36 PM
- Replies: 1
Asuswrt-Merlin
GL.iNet GL-BE6500 $114
- Started by Gar
- Yesterday at 3:33 PM
- Replies: 0
Hot Deals
F
Release ASUS ZenWiFi BT10 Firmware version 3.0.0.6.102_39110 (2026/04/02)
- Started by fruitcornbread
- Yesterday at 2:16 PM
- Replies: 0
ASUSWRT - Official
D
Smaller Alternative to GT-AX11000 Pro?
- Started by dwp
- Yesterday at 12:45 PM
- Replies: 6
ASUS Wi-Fi
J
GT-AXE11000 Stability help needed after NAND replacement (amtm/Scribe setup)
- Started by jr lee
- Yesterday at 9:25 AM
- Replies: 1
Asuswrt-Merlin AddOns

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 3,930 (members: 7, guests: 3,923)

We value your privacy

We use essential cookies to make this site work, and optional cookies to enhance your experience.

See further information and configure your preferences

Accept all cookies Reject optional cookies
Essential cookies

These cookies are required to enable core functionality such as security, network management, and accessibility. You may not reject these.

Optional cookies

We deliver enhanced functionality for your browsing experience by setting these cookies. If you reject them, enhanced functionality will be unavailable.

Third-party cookies

Cookies set by third parties may be required to power functionality in conjunction with various service providers for security, analytics, performance or advertising purposes.

Detailed cookie usage

Privacy policy

Back

Top

✖

Search