OpenWRT 19.07.1.



OpenWrt releases 18.06.7 and 19.07.1 have been published. They fix vulnerability CVE-2020-7982 in the opkg package manager, which made it possible to carry out a MITM attack and replace the contents of a package downloaded from the repository. Due to an error in the checksum verification code, an attacker could cause the SHA-256 checksums of the package to be ignored, which made it possible to bypass the integrity checks on downloaded ipk resources.

The problem has existed since February 2017, when code was added to ignore leading spaces before the checksum. Due to a bug in skipping the spaces, the pointer to the position in the string was not advanced, so the loop that decodes the SHA-256 hexadecimal sequence returned control immediately and produced a zero-length checksum.
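The bug class described above, reduced to a minimal C illustration that is added here and is not opkg's source code. The function names, the sample digest string and the exact-length rule in the hardened decoder are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define SHA256_LEN 32
/* Constructed sample field: one leading space, then 64 hex digits. */
static const char SAMPLE[] =
    " 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff";

static int nibble(unsigned char c)
{
    if (isdigit(c)) return c - '0';
    return isxdigit(c) ? tolower(c) - 'a' + 10 : -1;
}

/* Bug class from the text: spaces are skipped on `src`, but the decode loop
 * reads through `s`, captured earlier and still pointing at the space. */
size_t hex2bin_buggy(const char *src, unsigned char *out, size_t cap)
{
    const unsigned char *s = (const unsigned char *)src;
    size_t n = 0;
    while (isspace((unsigned char)*src))
        src++;                              /* `s` is never advanced */
    while (n < cap && nibble(s[0]) >= 0 && nibble(s[1]) >= 0) {
        out[n++] = (unsigned char)(nibble(s[0]) << 4 | nibble(s[1]));
        s += 2;
    }
    return n;                               /* 0 bytes for SAMPLE */
}

/* Hardened: decode after the skip; fail closed (-1) unless exactly 64 hex digits. */
int hex2bin_sha256(const char *src, unsigned char out[SHA256_LEN])
{
    while (isspace((unsigned char)*src)) src++;
    if (strlen(src) != 2 * SHA256_LEN) return -1;
    for (size_t i = 0; i < SHA256_LEN; i++) {
        int hi = nibble((unsigned char)src[2 * i]);
        int lo = nibble((unsigned char)src[2 * i + 1]);
        if (hi < 0 || lo < 0) return -1;
        out[i] = (unsigned char)(hi << 4 | lo);
    }
    return 0;
}

int main(void)
{
    unsigned char d[SHA256_LEN];
    printf("buggy decoder: %zu bytes\n", hex2bin_buggy(SAMPLE, d, sizeof d));
    printf("hardened decoder: rc=%d\n", hex2bin_sha256(SAMPLE, d));
    return 0;
}
```

A verifier built on the hardened decoder treats any return value other than 0 as a verification failure instead of comparing against an empty digest.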

Because the opkg package manager was run as root, an attacker in a MITM position could modify the contents of an ipk package downloaded from the repository while the user runs the "opkg install" command, and achieve execution of their code with root privileges by adding to the package their own handler scripts, which are called during installation. To exploit the vulnerability, the attacker must also modify the package index (for example, the one served from downloads.openwrt.org). The size of the modified package must match the original size listed in the index.

The new versions also fix one more vulnerability, in the libubox library, which can cause a buffer overflow when blobmsg_format_json processes specially formatted serialized binary or JSON data.

Source: linux.org.ru
