TCP Hijacking in NAT-Enabled Wi-Fi Networks CVE-2023-30312

I saw this yesterday: Off-path TCP hijacking in NAT-enabled Wi-Fi networks, leading to this and Exploiting Sequence Number Leakage: TCP Hijacking in NAT-Enabled Wi-Fi Networks. The actual PDF paper includes:

...researchers from the OpenWrt community and 7 of these vendors have confirmed the vulnerability and are repairing it...

CVE-2023-30312

An issue discovered in OpenWrt 18.06, 19.07, 21.02, 22.03, and beyond allows off-path attackers to hijack TCP sessions, which could lead to a denial of service, impersonating the client to the server (e.g., for access to files over FTP), and impersonating the server to the client (e.g., to deliver false information from a finance website). This occurs because nf_conntrack_tcp_no_window_check is true by default.

As it requires "...an attacker and a victim client are connected to the same Wi-Fi network ..." I'm not too bothered by it, but it would be nice to know if it is an issue in the latest stable build. A Hacker News comment says this March 2023 commit was a mitigation. As 23.05.3 is from March 2024 I assume it is included, so it is not vulnerable? (I couldn't find the CVE mentioned from a quick search of OpenWrt & the forum, so just wanted to check!)
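The practical check behind the question above is whether a given router still exposes the `nf_conntrack_tcp_no_window_check` knob at all, and if so what it is set to. The script below is an added example, not code from the original post or from OpenWrt; it assumes the sysctl lives at the usual `/proc/sys/net/netfilter/` path, and treats a missing file as "not configurable on this kernel". It deliberately does not look at the separate mainline `nf_conntrack_tcp_be_liberal` setting, which relaxes window tracking in its own way.

```shell
#!/bin/sh
# Added example (not from the original post): audit and, if needed, correct the
# conntrack TCP window-check setting behind CVE-2023-30312 on an OpenWrt host.
# Assumption: the knob, where present, is exposed at this sysctl path.
SYSCTL_PATH=${SYSCTL_PATH:-/proc/sys/net/netfilter/nf_conntrack_tcp_no_window_check}

# check_window_check PATH
# Prints a verdict and returns a distinct status per state:
#   0  knob absent: the window check cannot be disabled on this kernel
#   1  knob present and 0: window check enforced
#   2  knob present and 1: window check disabled (the vulnerable default)
#   3  knob present with an unexpected value
check_window_check() {
    path=$1
    if [ ! -r "$path" ]; then
        echo "absent: nf_conntrack_tcp_no_window_check is not configurable on this kernel"
        return 0
    fi
    value=$(cat "$path")
    case "$value" in
        0) echo "enforced: window check enabled (value 0)"; return 1 ;;
        1) echo "DISABLED: nf_conntrack_tcp_no_window_check=1, the CVE-2023-30312 default"; return 2 ;;
        *) echo "unexpected value '$value' in $path"; return 3 ;;
    esac
}

# enable_window_check PATH
# Re-enables the window check on a kernel that still exposes the knob.
# Needs root for the real sysctl; returns 1 when the knob does not exist.
enable_window_check() {
    path=$1
    [ -w "$path" ] || return 1
    echo 0 > "$path"
}

# Minimal CLI so the script can be run directly:
#   sh tcp_window_check.sh check   -> report the current state
#   sh tcp_window_check.sh fix     -> set the knob to 0 if it exists
case "${1:-}" in
    check) check_window_check "$SYSCTL_PATH" ;;
    fix)   enable_window_check "$SYSCTL_PATH" && check_window_check "$SYSCTL_PATH" ;;
esac
```

Setting the knob with `fix` only lasts until reboot; to persist it on a build that still has the knob, drop `net.netfilter.nf_conntrack_tcp_no_window_check=0` into a file under `/etc/sysctl.d/`. On a build where the file is absent there is nothing to persist, which is the situation the reply below describes.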

It is no longer even configurable in mainline or openwrt.

