Vulnerabilities > Openwrt > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-04 | CVE-2023-20820 | Unspecified vulnerability in Openwrt 19.07.0/21.02.0 In wlan service, there is a possible command injection due to improper input validation. | 7.2 |
| 2022-09-19 | CVE-2022-38333 | Out-of-bounds Read vulnerability in Openwrt Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). | 7.5 |
| 2021-03-21 | CVE-2021-28961 | OS Command Injection vulnerability in Openwrt 19.07.0 applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests. | 8.8 |
| 2020-03-16 | CVE-2020-7982 | Improper Check for Unusual or Exceptional Conditions vulnerability in Openwrt Lede and Openwrt An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. | 8.1 |
| 2020-03-16 | CVE-2020-7248 | Out-of-bounds Write vulnerability in Openwrt libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow. | 7.5 |
| 2020-03-16 | CVE-2019-19945 | Incorrect Conversion between Numeric Types vulnerability in Openwrt uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. | 7.5 |
| 2019-10-18 | CVE-2019-17367 | Cross-Site Request Forgery (CSRF) vulnerability in Openwrt 18 OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/. | 8.8 |
| 2019-08-23 | CVE-2019-15513 | Improper Locking vulnerability in multiple products An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. | 7.5 |
| 2018-06-19 | CVE-2018-11116 | Incorrect Permission Assignment for Critical Resource vulnerability in Openwrt OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. | 8.8 |