OpenWRT breached through admin account

Edward Kost
Edward Kost
January 16, 2021

OpenWRT, an open source firmware solution for home routers, was breached exposing the email addresses of many of its forum users.

The breach was publicized in a forum post revealing that an admin account without two-factor authentication was the gateway to the sensitive data. 

The breached exposed the email addresses, handles and other statistical information for a selection of forum members.

While this breach may not have exposed Personal Identifiable Information, if sensitivity is measured by compromise potential, the exposed data was highly sensitive.

OpenWRT is an open source platform so a majority of its members are developers that are likely selling OpenWRT compatible software and routers to other companies.

Since such a relationship requires access to sensitive company data, a compromised OpenWRT developer could lead to a supply chain attack impacting all of the developer’s clients.

OpenWRT has urged all members to keep a vigilant eye on potential phishing emails attempting to access the sensitive data of business partners.

How secure is OpenWRT?

OpenWrt is an open-source project for embedded operating systems based on Linux, primarily used on embedded devices to route network traffic.
  • Check icon
    View our free preliminary report on OpenWRT’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
Security ratings
Abstract shape
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan rating