An attacker can inject malicious code in the SSH keys field and send the request to an unsuspecting user of OpenWRT devices.
This vulnerability affects all OpenWRT devices running the LuCI version git-22.140.66206-02913be.
Solution: Upgrade to the latest version. An upgrade is required to fix this issue.
CVE References: CVE-2018-11355, CVE-2018-11356, CVE-2018-11357, CVE-2018-11358, CVE-2018-11359, CVE-2018-11360, CVE-2018-11361, CVE-2018-11362, CVE-2018-11363, CVE-2018-11364, CVE-2018-11365, CVE-2018-11366, CVE-2018-11367, CVE-2018-11368, CVE-2018-11369, CVE-2018-11370, CVE-2018-11371, CVE-2018-11372, CVE-2018-11373, CVE-2018-11374, CVE-2018-11375, CVE-2018-11376, CVE-2018-11377, CVE-2018-11378.
LuCI is the web interface for OpenWrt devices. It is used to configure the device, monitor its status, and install packages. LuCI is the web interface for OpenWrt devices. It is used to configure the device, monitor its status, and install packages
Installation of packages using LuCI
To install packages using LuCI, you must be connected to the device via SSH.
1) Connect to your device with SSH
2) Create a directory called "packages" and move down into it with this command:
mkdir /packages/
cd /packages
3) Upload your desired package file(s) to this directory with these commands:
wget https://example.com/mypackage.tar.gz
mv mypackage.tar.gz mypackage.tar
4) Install the package with these commands: php -f /packages/mypackage/index.php > installpkg
Steps to reproduce the bug:
1. Login via SSH to a vulnerable device
2. Type the following: "smc set key
OpenWrt’s version of LuCI
The latest version of LuCI is version git-22.140.66206-02913be, a security update that fixes the CVE-2018-11355, CVE-2018-11356, and CVE-2018-11357 vulnerabilities.
However, OpenWrt’s version of LuCI may not be updated because of the lack of an installation package. The best option is to upgrade the device firmware to the latest version to avoid any security risks.
Timeline
Published on: 11/03/2022 12:15:00 UTC
Last modified on: 11/04/2022 13:41:00 UTC