Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2020-7982

An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.025
EPSS Ranking 84.5%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
Products affected by CVE-2020-7982
  • Openwrt » Lede » Version: 17.01.0
    cpe:2.3:a:openwrt:lede:17.01.0
  • Openwrt » Lede » Version: 17.01.1
    cpe:2.3:a:openwrt:lede:17.01.1
  • Openwrt » Lede » Version: 17.01.2
    cpe:2.3:a:openwrt:lede:17.01.2
  • Openwrt » Lede » Version: 17.01.3
    cpe:2.3:a:openwrt:lede:17.01.3
  • Openwrt » Lede » Version: 17.01.4
    cpe:2.3:a:openwrt:lede:17.01.4
  • Openwrt » Lede » Version: 17.01.5
    cpe:2.3:a:openwrt:lede:17.01.5
  • Openwrt » Lede » Version: 17.01.6
    cpe:2.3:a:openwrt:lede:17.01.6
  • Openwrt » Lede » Version: 17.01.7
    cpe:2.3:a:openwrt:lede:17.01.7
  • Openwrt » Openwrt » Version: 18.06.0
    cpe:2.3:o:openwrt:openwrt:18.06.0
  • Openwrt » Openwrt » Version: 18.06.1
    cpe:2.3:o:openwrt:openwrt:18.06.1
  • Openwrt » Openwrt » Version: 18.06.2
    cpe:2.3:o:openwrt:openwrt:18.06.2
  • Openwrt » Openwrt » Version: 18.06.3
    cpe:2.3:o:openwrt:openwrt:18.06.3
  • Openwrt » Openwrt » Version: 18.06.4
    cpe:2.3:o:openwrt:openwrt:18.06.4
  • Openwrt » Openwrt » Version: 18.06.5
    cpe:2.3:o:openwrt:openwrt:18.06.5
  • Openwrt » Openwrt » Version: 18.06.6
    cpe:2.3:o:openwrt:openwrt:18.06.6
  • Openwrt » Openwrt » Version: 19.07.0
    cpe:2.3:o:openwrt:openwrt:19.07.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved