Published: 16/03/2020 Updated: 24/05/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An issue exists in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager prior to 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle malicious user to inject arbitrary package payloads (which are installed without verification).

Vulnerable Product	Search on Vulmon	Subscribe to Product
openwrt lede
openwrt openwrt
openwrt openwrt 19.07.0

Damn Vulnerable Router Firmware(DVRF)

Danm Vulnerable Router Firmware 介绍 DVRF 的全称是 Danm Vulnerable Router Firmware，该项目是一个基于 OpenWrt 改造的漏洞固件。用 CTF 模式来帮助安全专业人员测试物联网设备中常见的漏洞，其中部分漏洞题基于公开的 CVE 漏洞。 DVRF 描述 L1 Brute Login L2 Damn XSS (CVE-2019-18993) L3 What‘s your bandwidt

CWE-345 CWE-754 https://github.com/openwrt/openwrt/commits/master https://openwrt.org/advisory/2020-01-31-1 https://blog.forallsecure.com/uncovering-openwrt-remote-code-execution-cve-2020-7982 https://arstechnica.com/information-technology/2020/03/openwrt-is-vulnerable-to-attacks-that-execute-malicious-code/https://nvd.nist.gov https://github.com/BloodyOrangeMan/DVRF

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-7982

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect