There are millions of devices that run on an OpenWRT-based firmware.
Gluon is a modular framework to build OpenWRT-based firmwares for wireless mesh nodes. For example, the grassroots movement Freifunk runs more than 50.000 devices as open and free WiFi hotspots for the public in Germany. I name it just as an example of what OpenWRT is used for.
Is there a "hidden feature" that allows me to scan for vulnerabilities in opkg packages? (even if this OS is not yet officially supported)
OS detection:
As OpenWRT comes with the package manager opkg, it should be possible to scan for vulnerabilities in these packages.
opkg list-installed
Known vulnerabilities (manually curated list): https://openwrt.org/docs/guide-developer/security
Other CVEs (not listed above) that Google found for me (when ignoring 2017, 2018 and disputed CVEs) are:
https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-28961&scoretype=cvssv2
https://vulmon.com/vulnerabilitydetails?qid=CVE-2020-13859&scoretype=cvssv2
https://vulmon.com/vulnerabilitydetails?qid=CVE-2019-25015&scoretype=cvssv2
https://vulmon.com/vulnerabilitydetails?qid=CVE-2019-18993&scoretype=cvssv2
https://vulmon.com/vulnerabilitydetails?qid=CVE-2019-15513&scoretype=cvssv2
https://vulmon.com/vulnerabilitydetails?qid=CVE-2019-12272&scoretype=cvssv2
It would be cool to run vuls at build time for every firmware (we have thousands of firmware images) and in the wild on all devices (remote scan) every day or every now and then, as device maintainers are able to install packages on their own.