CVE-2020-7982

Published: 16/03/2020 Updated: 25/03/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager prior to 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads, which are installed without verification.

Affected Products

Vendor | Product | Versions
Openwrt | Lede | 17.01.0, 17.01.1, 17.01.2, 17.01.3, 17.01.4, 17.01.5, 17.01.6, 17.01.7
Openwrt | Openwrt | 18.06.0, 18.06.1, 18.06.3, 18.06.4, 18.06.5, 18.06.6, 19.07.0