This page is not fully translated, yet. Please help completing the translation.
(remove this paragraph once the translation is finished)
Multiple vulnerabilities were found in the Linux Kernel mac80211 and cfg80211 framework. OpenWrt takes the mac80211 and cfg80211 framework from the wireless backports project which copies it from a more recent Linux kernel version.
These vulnerabilities are in the multi BSSID (MBSSID) beacon parsing code and the P2P-device beacon parsing code.
The vulnerabilities are mostly in the Wifi beacon parsing code. OpenWrt operating as Wifi AP or Wifi client is affected when it scans for Wifi networks. A malicious attacker could exploit this by sending specially crafted packets while the target is scanning for Wifi networks. A malicious attacker has to be physically close to the target to exploit these vulnerabilities. This can be exploited by attackers which are not necessary part of the network, no authentication needed. Wifi drivers in OpenWrt will parse beacons from arbitrary Wifi devices nearby.
All Wifi drivers in OpenWrt are using cfg80211 and many are using mac80211.
You need to update to a fixed OpenWrt version. Fixes for the vulnerabilities are integrated in OpenWrt 22.03.2 and OpenWrt 21.02.5. Upgrading the packages with opkg update is not sufficient.
The fix is contained in the following and later versions:
To our knowledge, OpenWrt snapshot images are affected. OpenWrt stable release versions 22.03.1 and OpenWrt 21.02.4 and earlier are affected. Older versions of OpenWrt (e.g. OpenWrt 19.07, OpenWrt 18.06, OpenWrt 15.05 and LEDE 17.01) are end of life and not supported any more.
Thanks to security researcher Sönke Huster from TU Darmstadt ( shuster@seemoo.tu-darmstadt.de ) and Johannes Berg from Intel for identifying the problems and fixing them in the upstream Linux kernel.