// For flags

CVE-2021-22161

 

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. This affects the netifd and odhcp6c packages.

En OpenWrt versiones 19.07.x anteriores a 19.07.7, cuando es usado IPv6, puede ocurrir un bucle de enrutamiento que genere un tráfico de red excesivo entre un dispositivo afectado y el enrutador de su ISP ascendente. Esto ocurre cuando una ruta de prefijo de enlace apunta a un enlace de punto a punto, una dirección IPv6 de destino pertenece al prefijo y no es una dirección IPv6 local, y se recibe un anuncio de enrutamiento con al menos un prefijo IPv6 único global para el que es ajustado el flag on-link. Esto afecta a los paquetes netifd y odhcp6c

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Adjacent
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-01-05 CVE Reserved
  • 2021-02-07 CVE Published
  • 2023-10-24 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://openwrt.org/advisory/2021-02-02-1 2023-05-24
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openwrt
Search vendor "Openwrt"
 Openwrt
Search vendor "Openwrt" for product "Openwrt"
 >= 19.07.0 <= 19.07.6
Search vendor "Openwrt" for product "Openwrt" and version " >= 19.07.0 <= 19.07.6"
-
Affected