[Security] Confidential report submitted — TCP connection hijack & DoS (CVE-2023-30312 related)
zhangmh25 at mails.tsinghua.edu.cn
Mon Oct 27 08:14:31 PDT 2025
Hello OpenWrt administrators,
This is a brief public notice that a confidential security report was submitted to contact at openwrt.org earlier today with the subject line:
"[Security] OpenWrt TCP Connection Hijacking Vulnerabilities Report"
Summary:
- We discovered two new attack vectors that resurrected CVE-2023-30312.
- When exploited they can lead to TCP connection hijacking and denial-of-service conditions on affected OpenWrt releases.
- The overall severity is high due to potential session takeover and widespread service disruption on affected systems.
We submitted full technical details and proposed mitigations to contact at openwrt.org for coordinated disclosure. Please treat the submission as confidential;
Request:
- Kindly acknowledge receipt on this mailing list (or by replying to the confidential report) so we know the report reached the appropriate team.
- If you did not receive the confidential report at contact at openwrt.org, please let us know and we will re-send or use an alternate secure channel.
Contact:
Minghao Zhang [zhangmh25 at mails.tsinghua.edu.cn]
Jianjun Chen [jianjun at tsinghua.edu.cn]
Thank you,
Minghao Zhang
More information about the openwrt-adm
mailing list