Such a flaw, which could be exploited without authentication, stems from a command injection issue in Imagebuilder that enables arbitrary command injections in the build process and truncated SHA-256 hash collisions that allow reduced entropy that ultimately results in artifact cache compromise, according to OpenWrt.
Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor of the Malware Binary Triage (IMBT) course starting this Black Friday and Cyber Monday!
Enroll Now and Save 10%: Coupon Code MWNEWS10
Note: This is an affiliate link – your enrollment helps support this platform at no extra cost to you.
Article Link: Critical OpenWrt bug enabling malicious firmware image installation addressed | SC Media