Filtered by vendor Openwrt
Subscribe
Total
48 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19945 | 1 Openwrt | 1 Openwrt | 2023-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value. | |||||
| CVE-2020-7248 | 1 Openwrt | 1 Openwrt | 2023-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow. | |||||
| CVE-2023-24181 | 1 Openwrt | 1 Luci | 2023-04-13 | N/A | 5.4 MEDIUM |
| LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm. | |||||
| CVE-2022-41435 | 1 Openwrt | 1 Luci | 2022-11-04 | N/A | 5.4 MEDIUM |
| OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments. | |||||
| CVE-2021-27821 | 1 Openwrt | 1 Luci | 2021-06-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution. | |||||
| CVE-2019-12272 | 1 Openwrt | 1 Luci | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability. | |||||
| CVE-2019-17367 | 1 Openwrt | 1 Openwrt | 2019-10-22 | 6.8 MEDIUM | 8.8 HIGH |
| OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/. | |||||
| CVE-2018-19630 | 1 Openwrt | 2 Lede, Openwrt | 2018-12-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI. | |||||