CVE-2026-57999
OpenWrt · Luci-app-tailscale-community
The OpenWrt Luci-app-tailscale-community package is susceptible to command injection, potentially allowing unauthorized system command execution.
Executive summary
A critical command injection vulnerability in the OpenWrt Luci-app-tailscale-community package poses a severe risk of unauthorized remote code execution on affected network devices.
Vulnerability
This vulnerability involves a command injection flaw within the tailscale configuration component, which may allow an authenticated attacker to execute arbitrary system commands with elevated privileges.
Business impact
The exploitation of this vulnerability could lead to a complete compromise of the underlying router or network appliance. Given the CVSS score of 8.8, this represents a high-severity risk that could result in unauthorized network access, data exfiltration, or the establishment of a persistent foothold within the network infrastructure.
Remediation
Immediate Action: Audit OpenWrt package repositories and apply all available security updates for the Luci-app-tailscale-community package immediately.
Proactive Monitoring: Monitor system logs for unusual shell command execution patterns or unexpected network traffic originating from the Tailscale service.
Compensating Controls: Restrict administrative access to the LuCI web interface to trusted management IP addresses so that untrusted hosts cannot reach the vulnerable configuration component.
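One way to apply the compensating control above on an OpenWrt device, as an added example that is not part of this advisory: two ordered firewall rules in /etc/config/firewall that allow LuCI's HTTP/HTTPS ports only from a management host and reject every other LAN client. It assumes LuCI is served by uhttpd on TCP 80/443 from the "lan" zone and uses 192.0.2.10 as a placeholder management address; because the default lan-to-device input policy is ACCEPT, the explicit REJECT rule is what actually closes access, and it must come after the ACCEPT rule since rules are evaluated in order.

```uci
# Added example: restrict LuCI to a single management host.
# 192.0.2.10 is a placeholder; replace with the real management IP or subnet.
config rule
	option name 'Allow-LuCI-from-mgmt'
	option src 'lan'
	option src_ip '192.0.2.10'
	option proto 'tcp'
	option dest_port '80 443'
	option target 'ACCEPT'

# Everything else on the LAN is refused on the LuCI ports.
# Must appear after the ACCEPT rule above: rules are matched in file order.
config rule
	option name 'Reject-LuCI-others'
	option src 'lan'
	option proto 'tcp'
	option dest_port '80 443'
	option target 'REJECT'
```

Reload with `/etc/init.d/firewall reload` and confirm from a non-management host that the LuCI login page is no longer reachable before relying on the rule.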
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high CVSS score, organizations using this package should prioritize patching. If a patch is unavailable, disable the affected service until a secure version is released to mitigate the risk of remote command execution.