Wi-Fi router is usually remembered when the Internet disappears in the house, although this small device remains on for years and transmits all network traffic through itself. In OpenWrt 25.12.5, developers have closed several dangerous vulnerabilities in services that run by default and can work without the owner’s participation.
The most serious error was found in the odhcpd service, which distributes network settings to the devices. A specially prepared DHCPv6-request could cause overflow of the buffer and allow the router to be attacked remotely. Through a similar request, the attacker could transfer the malicious name of the device and implement the code into the LuCI web interface.
The vulnerability in the Ütttpd web server allowed you to interfere with the processing of requests from other users. The cgi-io component found a way to circumvent access restrictions and read system files that the root superuser can read. Another mistake made it possible to disable Emergency Access Daemon before checking the login and password.
The problem in luci-app-tailscale-community was a separate threat. The user who has already accessed the control panel could run commands with maximum rights and fully control the device. The developers also closed the accumulated vulnerabilities in the Linux kernel, the OpenSSL library, the system library musl and the Dropbar SSH server.
OpenWrt 25.12.5 is not limited to safety patches. The output improves the stability of network services and adds support to new routers, access points and network storage Linksys, GL.iNET, TP-Link, Zyxel, Cudy and other manufacturers. Finished builds are available for 41 platforms, and the total number of compatible devices exceeded 2200.
The update included Linux 6.12.94, OpenSSL 3.5.7 and dnsmasq 2.93. Compatible device owners are advised to install OpenWrt 25.12.5, especially when the DHCPv6 control panel or DHCPv6 services are available from a mistrust network.
The most serious error was found in the odhcpd service, which distributes network settings to the devices. A specially prepared DHCPv6-request could cause overflow of the buffer and allow the router to be attacked remotely. Through a similar request, the attacker could transfer the malicious name of the device and implement the code into the LuCI web interface.
The vulnerability in the Ütttpd web server allowed you to interfere with the processing of requests from other users. The cgi-io component found a way to circumvent access restrictions and read system files that the root superuser can read. Another mistake made it possible to disable Emergency Access Daemon before checking the login and password.
The problem in luci-app-tailscale-community was a separate threat. The user who has already accessed the control panel could run commands with maximum rights and fully control the device. The developers also closed the accumulated vulnerabilities in the Linux kernel, the OpenSSL library, the system library musl and the Dropbar SSH server.
OpenWrt 25.12.5 is not limited to safety patches. The output improves the stability of network services and adds support to new routers, access points and network storage Linksys, GL.iNET, TP-Link, Zyxel, Cudy and other manufacturers. Finished builds are available for 41 platforms, and the total number of compatible devices exceeded 2200.
The update included Linux 6.12.94, OpenSSL 3.5.7 and dnsmasq 2.93. Compatible device owners are advised to install OpenWrt 25.12.5, especially when the DHCPv6 control panel or DHCPv6 services are available from a mistrust network.