https://www.usenix.org/conference/usenixsecurity23/presentation/schepers
OpenWrt 22 specifically mentioned.
FYI that CVE-2022-47522 was fixed in https://github.com/openwrt/openwrt/commit/4ae854d05568bc36a4df2cb6dd8fb023b5ef9944 and already included in v22.03.4 release, available since Apr 14, 2023.
I just tested v23.05.0 on the Fritz!Box 4040. I used the macstealer tool[1] to verify that CVE-2022-47522 is indeed fixed. My test says that OpenWrt is still vulnerable. I suspect that my test setup is flawed, but I cannot find the error.
Can someone confirm that the fix really works? If so, which device and OpenWrt version were used? How was it tested?
[1] https://github.com/vanhoefm/macstealer, Git-commit ef9820fa3