CVE-2021-22161

Name of the Vulnerable Software and Affected Versions: OpenWrt versions 19.07.x through 19.07.6

Description: A routing loop can occur when IPv6 is used, generating excessive network traffic between an affected device and its upstream ISP's router. This happens when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. The netifd and odhcp6c packages are affected.

Recommendations: For OpenWrt versions 19.07.x through 19.07.6, update to version 19.07.7 or later to resolve the issue. As a temporary workaround, consider disabling IPv6 until a patch is available. Restrict access to the netifd and odhcp6c packages to minimize the risk of exploitation. Avoid using IPv6 prefix routes that point to point-to-point links until the issue is resolved.