A high-severity vulnerability has been identified in the luci-app-https-dns-proxy package for OpenWrt, which requires immediate attention from network administrators.

The specific nature of this vulnerability in the DNS proxy application is currently under investigation, but it has been rated with a high CVSS score, suggesting a significant risk to network security.

With a CVSS score of 8.8, this vulnerability could potentially allow attackers to intercept or manipulate DNS traffic, leading to man-in-the-middle attacks or redirection of network users to malicious sites, which is critical for infrastructure security.

Immediate Action: Check for OpenWrt package updates and apply the latest version of the luci-app-https-dns-proxy package.

Proactive Monitoring: Monitor DNS query logs for signs of redirection or unauthorized traffic patterns.

Compensating Controls: If a patch is unavailable, consider temporarily disabling the proxy service or implementing alternative DNS security measures (e.g., DNSSEC).

Public Exploit Available: false

Network administrators should treat this vulnerability with urgency. Given the potential impact on network traffic integrity, ensure that all OpenWrt packages are updated to the latest secure versions as soon as they become available.