Security Vulnerability after flashing OpenWrt

Hello everyone,

I have a general question regarding secruity issues of the device after flashing OpenWRT. I am currently using a Netgaer R6220 Router, which works perfectly well.

Some days ago I read about this Vulnerability:

My device is not affected, but how would such an Vulnerability affect an device running OpenWRT, as I cannot update the firmware through OpenWRT or am I wrong?

Thank you very much,

appears to be same as Cve-2021-45608

1 Like

I'm not sure I understand your question.

This is a vulnerability found in the vendor's original software of those devices -- which is what you are replacing when you flash OpenWrt, hence that doesn't affect devices no longer running the stock firmware. Ie. other than Freetz or things like CHDK which are built as modification or "on-top" of the existing vendor firmware, OpenWrt does not use any components active at run-time of the existing firmware, both kernel and all userspace software is built from our own (open) sources.
This doesn't mean that OpenWrt is safe by definition or anything like that, of course. It's just completely different software and hence also potentially different vulnerabilities. Hence you should, of course, keep OpenWrt up-to-date and not run outdated versions (and yes, you can of course update OpenWrt running on a device which is then the only firmware to be there, apart from the bootloader maybe, but that's running only very early at boot and then hands over control to OpenWrt/Linux once it has been loaded)


Thank you very much for the explanation. I think I had a different understanding of firmware and OS.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.