Openwrt vulnerabilities: High risk

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-09-04 | CVE-2023-20820 | Unspecified vulnerability in Openwrt 19.07.0/21.02.0 | In wlan service, there is a possible command injection due to improper input validation. | network | low | openwrt | - | 7.2 |
| 2022-09-19 | CVE-2022-38333 | Out-of-bounds Read vulnerability in Openwrt | Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). | network | low | openwrt | CWE-125 | 7.5 |
| 2021-03-21 | CVE-2021-28961 | OS Command Injection vulnerability in Openwrt 19.07.0 | applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests. | network | low | openwrt | CWE-78 | 8.8 |
| 2020-03-16 | CVE-2020-7982 | Improper Check for Unusual or Exceptional Conditions vulnerability in Openwrt Lede and Openwrt | An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. | network | high | openwrt | CWE-754 | 8.1 |
| 2020-03-16 | CVE-2020-7248 | Out-of-bounds Write vulnerability in Openwrt 19.07.0 | libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow. | network | low | openwrt | CWE-787 | 7.5 |
| 2020-03-16 | CVE-2019-19945 | Incorrect Conversion between Numeric Types vulnerability in Openwrt 19.07.0 | uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. | network | low | openwrt | CWE-681 | 7.5 |
| 2019-08-23 | CVE-2019-15513 | Improper Locking vulnerability in multiple products | An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. | network | low | openwrt, motorola | CWE-667 | 7.5 |
| 2019-05-23 | CVE-2019-12272 | OS Command Injection vulnerability in Openwrt Luci | In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability. | network | low | openwrt | CWE-78 | 7.5 |
| 2018-06-19 | CVE-2018-11116 | Incorrect Permission Assignment for Critical Resource vulnerability in Openwrt | OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. | network | low | openwrt | CWE-732 | 8.8 |