Vulnerabilities > Openwrt > Openwrt > 18.06.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-19 | CVE-2022-38333 | Out-of-bounds Read vulnerability in Openwrt Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). | 7.5 |
| 2020-11-19 | CVE-2020-28951 | Use After Free vulnerability in Openwrt libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. | 9.8 |
| 2019-12-03 | CVE-2019-18993 | Cross-site Scripting vulnerability in Openwrt 18.06.4 OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device). | 5.4 |
| 2019-12-03 | CVE-2019-18992 | Cross-site Scripting vulnerability in Openwrt 18.06.4 OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device). | 5.4 |
| 2019-11-18 | CVE-2019-5102 | Improper Certificate Validation vulnerability in Openwrt 15.05.1/18.06.4 An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. | 5.9 |
| 2019-11-18 | CVE-2019-5101 | Improper Certificate Validation vulnerability in Openwrt 15.05.1/18.06.4 An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. | 5.9 |