IssueHunt
Bug Bounty (New!)
Browse
Sign in with GitHub
future-architect/vuls

Do you want to work on this issue?

You can request for a bounty in order to promote it!

Scan OpenWRT-based devices (opkg packages) for vulnerabilities #1225

christian-weiss posted onGitHub

There are millions of devices that runs on a OpenWRT based firmware.

Gluon is a modular framework to build openWRT-based firmwares for wireless mesh nodes. For example grassroots movement Freifunk runs more then 50.000 devices as open and free WiFi Hotspots to the public in germany. To name it just as an example for what OpenWRT is used.

Is there a "hidden feature" that allows me to scan for vulnerabilities in opkg packages? (even if this OS is not yet officially supported)

OS detection:

cat /etc/os-release 
NAME="OpenWrt"
VERSION="18.06-SNAPSHOT"
ID="openwrt"
ID_LIKE="lede openwrt"
PRETTY_NAME="OpenWrt 18.06-SNAPSHOT"
VERSION_ID="18.06-snapshot"
HOME_URL="http://openwrt.org/"
BUG_URL="http://bugs.openwrt.org/"
SUPPORT_URL="http://forum.lede-project.org/"
BUILD_ID="r7794+21-fc1dae5"
LEDE_BOARD="ipq40xx/generic"
LEDE_ARCH="arm_cortex-a7_neon-vfpv4"
LEDE_TAINTS="busybox"
LEDE_DEVICE_MANUFACTURER="OpenWrt"
LEDE_DEVICE_MANUFACTURER_URL="http://openwrt.org/"
LEDE_DEVICE_PRODUCT="Generic"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="OpenWrt 18.06-SNAPSHOT r7794+21-fc1dae5"

As openWRT comes with the package manager opkg it should be possible to scan for vulnerabilites in these packages. opkg list-installed

Known vulnerabilities (manually curated list): https://openwrt.org/docs/guide-developer/security

Other CVEs (not listed above) that google found for me are (when ignoring 2017, 2018 and disputed CVEs): https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-28961&scoretype=cvssv2 https://vulmon.com/vulnerabilitydetails?qid=CVE-2020-13859&scoretype=cvssv2 https://vulmon.com/vulnerabilitydetails?qid=CVE-2019-25015&scoretype=cvssv2 https://vulmon.com/vulnerabilitydetails?qid=CVE-2019-18993&scoretype=cvssv2 https://vulmon.com/vulnerabilitydetails?qid=CVE-2019-15513&scoretype=cvssv2 https://vulmon.com/vulnerabilitydetails?qid=CVE-2019-12272&scoretype=cvssv2

Would be cool to run vuls on build time for every firmware (we have thousands of firmware images) and in the wild on all devices (remote scan) everyday or every now and then, as device maintainers are able to install packages on their own.

Please add label "feature", i do not have the permission to do it myself.

posted by christian-weiss almost 4 years ago

Fund this Issue

$0.00
Funded
Only logged in users can fund an issue

Pull requests

Company
AboutMission
Community
SpectrumEmbed
Support
FAQTerms of usePrivacy policyCode of conductCredits
Connect
FacebookTwitter

© 2019 BoostIO, Inc.