techriot (inlägg med hubzilla) on Nostr: OpenWRT Close Call. Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision ...
OpenWRT Close Call.
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision & Command Injection.
Introduction

Hello, I’m RyotaK (@ryotkak), a security engineer at Flatt Security Inc. A few days ago, I was upgrading my home lab network, and I decided to upgrade the OpenWrt on my router. After accessing the LuCI, which is the web interface of OpenWrt, I noticed that there is a section called Attended Sysupgrade, so I tried to upgrade the firmware using it. After reading the description, I found that it states it builds new firmware using an online service.
#OpenWRT #Routers #Firmware #Open_Source #Embed #Devices #Operating_Systems
![](https://flatt.tech/research/compromising-openwrt-supply-chain-sha256-collision/thumbnail.png)