Vulnerabilities > Openwrt

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2019-11-18 | CVE-2019-5102 | Improper Certificate Validation vulnerability in Openwrt 15.05.1/18.06.4 | An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. | network | high complexity | openwrt | CWE-295 | 5.9 |
| 2019-11-18 | CVE-2019-5101 | Improper Certificate Validation vulnerability in Openwrt 15.05.1/18.06.4 | An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. | network | high complexity | openwrt | CWE-295 | 5.9 |
| 2019-10-18 | CVE-2019-17367 | Cross-Site Request Forgery (CSRF) vulnerability in Openwrt 18 | OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/. | network | | openwrt | CWE-352 | 6.8 |
| 2019-08-23 | CVE-2019-15513 | Improper Locking vulnerability in multiple products | An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. | network | low complexity | openwrt, motorola | CWE-667 | 7.5 |
| 2019-05-23 | CVE-2019-12272 | OS Command Injection vulnerability in Openwrt Luci | In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability. | network | low complexity | openwrt | CWE-78 | 7.5 |
| 2018-11-28 | CVE-2018-19630 | Cross-site Scripting vulnerability in Openwrt Lede and Openwrt | cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI. | network | | openwrt | CWE-79 | 4.3 |
| 2018-06-19 | CVE-2018-11116 | Incorrect Permission Assignment for Critical Resource vulnerability in Openwrt | OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. | network | low complexity | openwrt | CWE-732 | 8.8 |