OpenWrt supply chain attack scare prompts urgent upgrades

OpenWrt supply chain attack scare prompts urgent upgrades
submitted by shoulderoforion@fedia.io

www.theregister.com/2024/12/09/openwrt_firmware…

A couple of bugs lead to a potentially bad time

112

Log in to comment

5 Comments

Prompt response and open statement about it can't ask for much more than that. D-link might just tell you to kick rocks and buy a new router.

Thankfully they didn't find any evidence of it being used, but they promptly fixed the issues and informed everyone. Great example of amazing management.

Spooren said the SHA-256 hash is truncated to 12 characters, significantly reducing its complexity, potentially allowing attackers to generate collisions.

Wtf. Who thought this was acceptable?

I dislike the term "supply chain" to describe this

It made me think it was going to be about the open source router. Seems like an intentionally misleading title to generate more clicks...