CVE-2020-7982

Description from NVD

An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification).

Information Acquisition Date: 2022-04-18T18:06Z
CVSS 2.0: 6.8 MEDIUM, CVSS 3.x: 8.1 HIGH

CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

NVD References

 https://github.com/openwrt/openwrt/commits/master
     source: MISC
     tags: Patch, Third Party Advisory
 https://openwrt.org/advisory/2020-01-31-1
     source: CONFIRM
     tags: Vendor Advisory
 https://blog.forallsecure.com/uncovering-openwrt-remote-code-execution-cve-2020-7982
     source: MISC
     tags: Exploit, Third Party Advisory
 https://arstechnica.com/information-technology/2020/03/openwrt-is-vulnerable-to-attacks-that-execute-malicious-code/
     source: MISC
     tags: Exploit, Press/Media Coverage, Third Party Advisory

List of frequently cited URLs

URL Num of Times Referred to
http://newsbythehour.org/cybr 24
http://canyoupwn.me 13
https://twitter.com/search?src=sprv&q=CVE-2020-7982 5
https://blog.forallsecure.com/uncovering-openwrt-remote-cod... 4
https://www.reddit.com/r/netsec/comments/fwhgwk/uncovering_... 3
https://www.helpnetsecurity.com/2020/04/01/cve-2020-7982/?u... 3

Information from Twitter

User URL Info Source Date
threatintelctr https://nvd.nist.gov/vuln/detail/CVE-2020-7982 Source threatintelctr   1516079920283373574 2022/04/19
RemotelyAlerts http://alerts.remotelyrmm.com/CVE-2020-7982 Source RemotelyAlerts   1516093473111228417 2022/04/19
WolfgangSesin http://www.sesin.at Source WolfgangSesin    1516108116622188544 2022/04/19
WolfgangSesin https://www.sesin.at/2022/04/18/cve-2020-7982-lede-openwrt Source WolfgangSesin    1516108116622188544 2022/04/19
www_sesin_at http://www.sesin.at Source www_sesin_at     1516108176101359620 2022/04/19
www_sesin_at https://www.sesin.at/2022/04/18/cve-2020-7982-lede-openwrt Source www_sesin_at     1516108176101359620 2022/04/19

GitHub Search Results: Up to 10
Name URL
No Data

2022/04/19 Score : 4
Added Har-sia Database : 2020/03/17
Last Modified : 2022/04/19
Highest Scored Date : 2020/04/01
Highest Score : 22