Download Firmware OpenWRT 22.03.3

Version 22.03.3 of OpenWrt has been released. OpenWrt is alternative open source firmware for a large number various routers and embedded devices. The opkg package management system makes it possible to determine for yourself what the router can and cannot do. There are also several people actively working on it on GoT; see this topic for that. You can simply update the version with sysupgrade from the web interface. Several security issues have been resolved in this release.

Security fixes

• CVE-2022-30065: busybox: Fix a use-after-free in Busybox 1.35-x’s awk applet
• CVE-2022-0934: dnsmasq: Fixes single-byte, non-arbitrary write/use-after-free flaw in dnsmasq DHCPv6 server
• CVE-2022-1304: e2fsprogs: An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5
• CVE-2022-47939: kmod-ksmbd: ZDI-22-1690: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
• CVE-2022-46393: mbedtls: Fix potential heap buffer overread and overwrite
• CVE-2022-46392: mbedtls: An adversary with access to precise enough information about memory accesses can recover an RSA private key
• CVE 2022-42905: wolfssl: In the case that the WOLFSSL_CALLBACKS macro is set when building wolfSSL, there is a potential heap over read of 5 bytes when handling TLS 1.3 client connections.