Is OpenWrt affected by CVE-2018-10933?

libssh seems to allow login without a valid credential. Does this affect OpenWrt 18.06.1? See also

https://www.libssh.org/security/advisories/CVE-2018-10933.txt

No, libssh is not used by either openssh or dropbear. See also https://github.com/openwrt/packages/pull/7209#issuecomment-430920840

3 Likes