CVE-2021-22161 — MEDIUM (6.5)

Q: How severe is CVE-2021-22161?

CVE-2021-22161 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-22161?

Check the references section above for vendor advisories and patch information. Affected products include: Openwrt Openwrt.

Vulnerability Description

In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. This affects the netifd and odhcp6c packages.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Openwrt	Openwrt	>= 19.07.0, <= 19.07.6

Related Weaknesses (CWE)

CWE-835

References

https://openwrt.org/advisory/2021-02-02-1Vendor Advisory
https://openwrt.org/advisory/2021-02-02-1Vendor Advisory

FAQ

What is CVE-2021-22161?

CVE-2021-22161 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a lin...

How severe is CVE-2021-22161?

CVE-2021-22161 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-22161?

Check the references section above for vendor advisories and patch information. Affected products include: Openwrt Openwrt.