Filtered by vendor Openwrt
Subscriptions
Total
48 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-7982 | 1 Openwrt | 2 Lede, Openwrt | 2023-05-24 | 8.1 High |
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification). | ||||
CVE-2023-24182 | 1 Openwrt | 1 Openwrt | 2023-05-24 | 5.4 Medium |
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js. | ||||
CVE-2023-24181 | 1 Openwrt | 1 Luci | 2023-04-13 | 5.4 Medium |
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm. | ||||
CVE-2022-41435 | 1 Openwrt | 1 Luci | 2022-11-04 | 5.4 Medium |
OpenWRT LuCI version git-22.140.66206-02913be was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted public key comments. | ||||
CVE-2021-27821 | 1 Openwrt | 1 Luci | 2021-06-03 | 6.1 Medium |
The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution. | ||||
CVE-2019-12272 | 1 Openwrt | 1 Luci | 2020-08-24 | N/A |
In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability. | ||||
CVE-2019-17367 | 1 Openwrt | 1 Openwrt | 2019-10-22 | 8.8 High |
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/. | ||||
CVE-2018-19630 | 1 Openwrt | 2 Lede, Openwrt | 2018-12-31 | N/A |
cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI. |