Keeping all devices updated is very important to avoid security problems and to keep attackers from stealing data or taking control of the equipment. However, on rare occasions, problems may arise. This is what happened with an update to the OpenWrt system. This flaw has allowed hackers to distribute malicious firmware images.
We are going to explain what exactly this problem consists of, how it can affect you and what you should do. The goal is always to avoid problems that compromise your security and privacy. In particular, it is important not to make things easy for cybercriminals, who could take advantage of any opening.
OpenWrt flaw
Specifically, this is a bug in a function that allows you to create custom firmware images. It has allowed attackers to create malicious firmware images, with the simple objective of harming users who may install them on their devices.
The feature, known as Attended SysUpgrade, allows an OpenWrt device to be updated to new firmware without losing packages and configurations.
Keep in mind that OpenWrt is a free, open source operating system that is easy to customize. It is present in routers, access points and different types of hardware related to the Internet of Things. For those who do not want the manufacturer's firmware, the one that comes with the device, it is an alternative. It is compatible with many routers, so many users may be affected. For example, it can be used on ASUS, Belkin, Zyxel or D-Link routers, among others.
This vulnerability has been registered as CVE-2024-54143. It has received a score of 9.3, which makes it a critical flaw. However, the bug has already been fixed. It is therefore recommended that users check which firmware image they have installed, so they can correct problems if necessary.
Avoid problems
So, what should you do so that this flaw does not affect you? OpenWrt recommends installing a firmware image that has been recently generated. This way, you replace any image that may have been maliciously manipulated. If an image is unsafe, it is best to remove it as soon as possible.
We also recommend that you always install firmware from official sources. Avoid third-party sites, where a download may put your security at risk. You don't really know who may have modified a firmware image with the aim of stealing data or taking control of a device. Therefore, always go to legitimate, official sites that can provide guarantees.
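An added example (not from the original article or from the OpenWrt project): one way to confirm that a downloaded image matches the checksum list published alongside it. It assumes the list uses the `sha256sum` line format and was itself obtained from the official download site; the file name and sample bytes are constructed.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# One entry of a sha256sum-style list: 64 hex digits, a space, " " or "*", then the name.
_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")

def parse_sha256sums(text):
    """Return {filename: digest}. Malformed lines, including shortened digests, raise ValueError."""
    sums = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"line {n}: not a full SHA-256 entry")
        sums[m.group(2)] = m.group(1).lower()
    return sums

def file_sha256(path, chunk=1 << 20):
    """Hash the file in chunks so large images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_image(image_path, sums_text):
    """Return 'ok', 'mismatch' or 'unlisted' for the image against the checksum list."""
    expected = parse_sha256sums(sums_text).get(Path(image_path).name)
    if expected is None:
        return "unlisted"  # a file the list does not name is never treated as verified
    return "ok" if hmac.compare_digest(expected, file_sha256(image_path)) else "mismatch"

if __name__ == "__main__":
    # Constructed sample: a stand-in "image" and a checksum list that matches it.
    with tempfile.TemporaryDirectory() as d:
        img = Path(d) / "example-sysupgrade.bin"  # hypothetical file name
        img.write_bytes(b"constructed firmware bytes")
        sums = f"{file_sha256(img)} *{img.name}\n"
        print(verify_image(img, sums))  # image as downloaded
        img.write_bytes(b"constructed firmware bytes, modified")
        print(verify_image(img, sums))  # image altered after the list was made
```

Only flash an image that returns `ok`; a `mismatch` or `unlisted` result means the file should be discarded and downloaded again from the official site.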
On the other hand, keeping everything updated is a very useful way to prevent a wide variety of attacks. Make sure your devices are running the latest version. We're talking about firmware here, but you should apply the same rule to any application or software you use on a daily basis.
In short, this flaw in OpenWrt has put many devices at risk, including routers, through the installation of modified firmware versions. Although you can change the router's firmware, we recommend that you carefully check where you download it from.