Vulnerabilities > Openwrt
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2021-08-02 | CVE-2021-32019 | Cross-site Scripting vulnerability in Openwrt | There is missing input validation of host names displayed in OpenWrt before 19.07.8. | 4.3 |
| 2021-05-25 | CVE-2021-27821 | Cross-site Scripting vulnerability in Openwrt Luci | The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution. | 4.3 |
| 2021-05-25 | CVE-2021-33425 | Cross-site Scripting vulnerability in Openwrt 19.07.0 | | 3.5 |
| 2021-03-21 | CVE-2021-28961 | Command Injection vulnerability in Openwrt 19.07.0 | applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests. | 6.5 |
| 2021-02-07 | CVE-2021-22161 | Infinite Loop vulnerability in Openwrt | In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. | 3.3 |
| 2021-01-26 | CVE-2019-25015 | Cross-site Scripting vulnerability in Openwrt | LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID. | 3.5 |
| 2020-11-19 | CVE-2020-28951 | Use After Free vulnerability in Openwrt | libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. | 10.0 |
| 2020-03-23 | CVE-2020-10871 | Information Exposure vulnerability in Openwrt Luci Git20.049.11521Bebfe20/Git20.078.229020Ed0D42 | ** DISPUTED ** In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. | 5.0 |
| 2020-03-16 | CVE-2020-7982 | Injection vulnerability in Openwrt Lede and Openwrt | An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. | 6.8 |
| 2020-03-16 | CVE-2020-7248 | Out-of-bounds Write vulnerability in Openwrt | libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow. | 5.0 |