OpenWrt Procd PATH Variable Filter Bypass Vulnerability Leading to Privilege Escalation

Vulnerability

A vulnerability in the OpenWrt Project's Procd component, present in versions prior to 24.10.6, allows an attacker to bypass the environment variable filtering in the hotplug_call function and inject an arbitrary PATH variable, potentially leading to privilege escalation. Environment entries are passed as "NAME=VALUE" strings, but the filter compares each full entry against the literal 'PATH' with strcmp. Because "PATH=..." is never equal to "PATH", the comparison never matches and the PATH entry is passed through unfiltered. An attacker who can supply environment strings to hotplug_call can therefore control which binaries are resolved when hotplug scripts, which run with elevated privileges, invoke commands by bare name.
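The following is an added illustration of the bug class described above, written for this page; it is not Procd's code and does not reproduce the project's actual function names or fix. It models an environment filter that compares whole "NAME=VALUE" entries against "PATH" with strcmp (the broken form) beside one that compares only the variable name up to the '=' (the fixed form), and shows which PATH value a script would inherit in each case. The sample environment is constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Illustration only: NOT procd's code. Environment entries are passed as
 * "NAME=VALUE" strings, exactly as they appear in envp. */

#define BLOCKED_NAME "PATH"

/* Broken filter: compares the whole entry against "PATH". An entry such as
 * "PATH=/tmp/evil" is never byte-equal to "PATH", so it is never blocked. */
int env_is_blocked_broken(const char *entry)
{
    return strcmp(entry, BLOCKED_NAME) == 0;
}

/* Fixed filter: isolate the variable name (bytes before the first '=') and
 * compare only that, with an exact length check so "PATHX=..." is not
 * mistaken for "PATH". A bare "PATH" entry without '=' is blocked as well. */
int env_is_blocked_fixed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t name_len = eq ? (size_t)(eq - entry) : strlen(entry);
    return name_len == strlen(BLOCKED_NAME) &&
           memcmp(entry, BLOCKED_NAME, name_len) == 0;
}

/* Copy the NULL-terminated array src into dst, dropping entries the given
 * predicate blocks. dst must hold at least as many pointers as src plus the
 * terminating NULL. Returns the number of entries kept. */
size_t filter_env(const char **src, const char **dst,
                  int (*blocked)(const char *))
{
    size_t n = 0;
    for (; *src; src++)
        if (!blocked(*src))
            dst[n++] = *src;
    dst[n] = NULL;
    return n;
}

/* The PATH value a child process would inherit from env, or NULL if no PATH
 * entry survived filtering (the shell then falls back to its own default). */
const char *effective_path(const char **env)
{
    for (; *env; env++)
        if (strncmp(*env, "PATH=", 5) == 0)
            return *env + 5;
    return NULL;
}

int main(void)
{
    /* Constructed attacker-supplied environment; not a captured event. */
    const char *untrusted[] = {
        "ACTION=add",
        "PATH=/tmp/evil:/usr/sbin:/usr/bin",
        "DEVNAME=ttyUSB0",
        NULL
    };
    const char *out[4];
    const char *p;

    filter_env(untrusted, out, env_is_blocked_broken);
    p = effective_path(out);
    printf("broken filter -> script sees PATH=%s\n", p ? p : "(none)");

    filter_env(untrusted, out, env_is_blocked_fixed);
    p = effective_path(out);
    printf("fixed filter  -> script sees PATH=%s\n", p ? p : "(none)");
    return 0;
}
```

With the broken predicate the attacker's PATH survives, so any hotplug script line such as `ip link set ...` or `logger ...` that names a binary without a full path resolves it through /tmp/evil first. With the fixed predicate the entry is dropped before the script is spawned. When auditing similar filters, check the comparison against the actual wire form of the data (here "NAME=VALUE", not "NAME") rather than the name alone.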

Impact

Exploitation of this vulnerability could allow an attacker to gain unauthorized privileges by controlling the PATH seen by hotplug scripts that Procd runs with elevated privileges, so that commands those scripts invoke by bare name are resolved to attacker-controlled binaries.

Remediation

Upgrade to OpenWrt version 24.10.6 or later, which corrects the environment variable filtering in hotplug_call.

Added: Mar 19, 2026, 11:24 PM
Updated: Mar 19, 2026, 11:24 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 7.5
exploitability: 4.1
remediation: 7.7
relevance: 4.1
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these eight vulnerability categories, which are then combined to calculate the overall risk score.