Attackers Can Hijack TCP Sessions in OpenWrt Routers, Leading to Denial of Service
CVE-2023-30312

Currently unrated

Key Information:

Vendor: OpenWrt

CVE Published: 28 May 2024

What is CVE-2023-30312?

An identified vulnerability in OpenWrt allows off-path attackers to hijack TCP sessions due to the default setting of nf_conntrack_tcp_no_window_check. This weakness can result in unauthorized access and manipulation of client-server communications, enabling attackers to impersonate either side. Consequently, attackers could deliver misleading information or gain unwarranted access to sensitive files, posing significant security risks to users and their data.

Timeline

  • Vulnerability published
