Author Topic: Multiple CVE Vulnerabilities Detected  (Read 556 times)

0 Members and 1 Guest are viewing this topic.

Offline Lighty269

  • Senior Member
  • **
  • Posts: 54
Multiple CVE Vulnerabilities Detected
« on: September 13, 2019, 06:37:15 AM »
While doing a scan on my network...

Platform:   TL-MR3020   (no USB hub)
RAM:   29364 kB total, 2340 kB free (92% used)
SW Version:   Meteobridge 4.1 (Sep 4 2019, build 13124), FW 1.5
Uptime:   7 days, 22 hours, 54 minutes    Buffer: 1 items (0%)

Offline galfert

  • Global Moderator
  • Forecaster
  • *****
  • Posts: 6822
Re: Multiple CVE Vulnerabilities Detected
« Reply #1 on: September 13, 2019, 07:12:13 AM »
Doesn't surprise me. The base OpenWRT has not been maintained.

But thankfully no ports are open from the firewall to this device. Still there is potential to exploit from compromised other internal network system. Also no other programs are being run on the Meteobridge device. All of this limits risk.
« Last Edit: September 13, 2019, 07:19:07 AM by galfert »
Ecowitt GW1000 | Meteobridge on Raspberry Pi
WU: KFLWINTE111  |  PWSweather: KFLWINTE111
CWOP: FW3708  |  AWEKAS: 14814
Windy: pws-f075acbe
Weather Underground Issue Tracking
Tele-Pole

Offline Lighty269

  • Senior Member
  • **
  • Posts: 54
Re: Multiple CVE Vulnerabilities Detected
« Reply #2 on: September 13, 2019, 08:54:11 AM »
I just updated to latest version and still has issues.  FYI

Online wvdkuil

  • Wim van der kuil
  • Forecaster
  • *****
  • Posts: 1986
    • My PWS at Leuven Belgium Europe
Re: Multiple CVE Vulnerabilities Detected
« Reply #3 on: September 13, 2019, 08:56:32 AM »
I just updated to latest version and still has issues.  FYI
The issues are in the openWRT-code which is used as the base-system for Meteobridge.
Not in the Meteobridge code itself.

Wim

 

anything