There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
References
Link | Resource |
---|---|
https://openwrt.org/advisory/2021-08-01-1 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-02T20:35:47
Updated: 2021-08-02T20:35:47
Reserved: 2021-05-03T00:00:00
Link: CVE-2021-32019
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-02T21:15:08.380
Modified: 2023-05-24T15:01:02.763
Link: CVE-2021-32019
JSON object: View
Redhat Information
No data.
CWE