Summary
OpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap buffer overflow in the event registration parsing code. This allows an attacker to modify the head and potentially execute arbitrary code in the context of the ubus daemon. The affected code is executed before running the ACL checks, all ubus clients are able to send such messages. In addition to the heap corruption, the crafted subscription also results in a bypass of the listen ACL.
Impact
ubus clients could exploit this vulnerability, resulting in a potential execution of arbitrary code.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| 1xCOM since 2018 | Firmware 3.22 installed with Baade Linux <4.65 | |
| 4xCOM | Firmware 3.22 installed with Baade Linux <4.65 |
Vulnerabilities
Expand / Collapse allOpenWrt Project is a Linux operating system targeting embedded devices. Prior to version 24.10.4, ubusd contains a heap buffer overflow in the event registration parsing code. This allows an attacker to modify the head and potentially execute arbitrary code in the context of the ubus daemon. The affected code is executed before running the ACL checks, all ubus clients are able to send such messages. In addition to the heap corruption, the crafted subscription also results in a bypass of the listen ACL.
Mitigation
Upgrade OpenWrt to 24.10.4 or later.
Remediation
Baade M2M-Products GmbH recommends to upgrade the Baade Linux OS version of our Products TCP/IP-Web-Connector 1xCOM (since 2018) and TCP/IP-Web-Connector 4xCOM to version 4.65 or later to fix the ubusd security vulnerability.
Acknowledgments
Baade M2M-Products GmbH thanks the following parties for their efforts:
- CERT@VDE for Coordination (see https://certvde.com/ )
- Karsten Sperling from Apple for Reported by (see https://github.com/ksperling-apple )
Revision History
| Version | Date | Summary |
|---|---|---|
| 1.0.0 | 02.04.2026 12:00 | Initial version. |