Filtered by vendor Openwrt
Subscriptions
Filtered by product Openwrt
Subscriptions
Total
45 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-20695 | 3 Google, Mediatek, Openwrt | 31 Android, Mt6835, Mt6880 and 28 more | 2024-11-21 | 6.7 Medium |
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only); Issue ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only). | ||||
CVE-2023-20694 | 3 Google, Mediatek, Openwrt | 43 Android, Mt6580, Mt6739 and 40 more | 2024-11-21 | 6.7 Medium |
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only). | ||||
CVE-2022-38333 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 7.5 High |
Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request. | ||||
CVE-2021-45906 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 5.4 Medium |
OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen. | ||||
CVE-2021-45905 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 5.4 Medium |
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. | ||||
CVE-2021-45904 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 5.4 Medium |
OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen. | ||||
CVE-2021-33425 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 5.4 Medium |
A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation. | ||||
CVE-2021-32019 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 6.1 Medium |
There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP. | ||||
CVE-2021-28961 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 8.8 High |
applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests. | ||||
CVE-2021-22161 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 6.5 Medium |
In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. This affects the netifd and odhcp6c packages. | ||||
CVE-2020-7982 | 1 Openwrt | 2 Lede, Openwrt | 2024-11-21 | 8.1 High |
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification). | ||||
CVE-2020-7248 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 7.5 High |
libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow. | ||||
CVE-2020-28951 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 9.8 Critical |
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c. | ||||
CVE-2019-5102 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 4 Medium |
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. | ||||
CVE-2019-5101 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 4 Medium |
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. After an SSL connection is initialized via _ustream_ssl_init, and after any data (e.g. the client's HTTP request) is written to the stream using ustream_printf, the code eventually enters the function _ustream_ssl_poll, which is used to dispatch the read/write events | ||||
CVE-2019-25015 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 5.4 Medium |
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID. | ||||
CVE-2019-19945 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 7.5 High |
uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value. | ||||
CVE-2019-18993 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 5.4 Medium |
OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device). | ||||
CVE-2019-18992 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 5.4 Medium |
OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device). | ||||
CVE-2019-17367 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 8.8 High |
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/. |