Vulnerabilities > Openwrt > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-11-19 CVE-2020-28951 Use After Free vulnerability in Openwrt
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names.
network
low complexity
openwrt CWE-416
critical
9.8
2019-05-23 CVE-2019-12272 OS Command Injection vulnerability in Openwrt Luci
In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.
network
low complexity
openwrt CWE-78
critical
9.8