For three years, router firmware OpenWRT has been vulnerable to remote code execution attacks.
The researcher also found that it was trivial for attackers with moderate experience to bypass digital-signature checks that verify a downloaded update as the legitimate one offered by OpenWTR maintainers. The combination of those two lapses makes it possible to send a malicious update that vulnerable devices will automatically install.
This is especially concerning because OpenWRT is commonly recommend by privacy advocates as an alternative to built-in proprietary router firmware.
Check It Out: OpenWRT is Vulnerable to Remote Code Execution Attacks