Routing Loop Vulnerability in OpenWrt 19.07.x Network Devices
CVE-2021-22161

6.5 MEDIUM

Key Information:

Vendor: OpenWrt

Status
Vendor
CVE Published: 7 February 2021

What is CVE-2021-22161?

In OpenWrt versions 19.07.x before 19.07.7, a routing loop can occur when IPv6 is in use. The loop arises when a routing configuration points to a point-to-point link and traffic is sent to a destination IPv6 address within the link's prefix, which generates excessive traffic between the device and its upstream ISP's router. The problem is exacerbated by the reception of router advertisements that include global unique IPv6 prefixes with the on-link flag set. The vulnerability affects key components such as netifd and odhcp6c, and can lead to significant performance degradation and network disruption.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved