CVE-2023-30312

Name of the Vulnerable Software and Affected Versions OpenWrt versions 18.06 through 22.03 and beyond

Description An issue in OpenWrt allows off-path attackers to hijack TCP sessions. This could lead to a denial of service, impersonating the client to the server, and impersonating the server to the client, potentially allowing access to sensitive information. The issue occurs because nf conntrack tcp no window check is true by default.

Recommendations For OpenWrt versions 18.06 through 22.03 and beyond, consider setting nf conntrack tcp no window check to false to mitigate the risk of TCP session hijacking. At the moment, there is no information about a newer version that contains a fix for this vulnerability.