Vulnerabilities > Openwrt > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-02-07 CVE-2021-22161 Infinite Loop vulnerability in Openwrt
In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router.
low complexity
openwrt CWE-835
6.5
2021-01-26 CVE-2019-25015 Cross-site Scripting vulnerability in Openwrt
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.
network
low complexity
openwrt CWE-79
5.4
2020-03-23 CVE-2020-10871 Information Exposure vulnerability in Openwrt Luci Git20.049.11521Bebfe20/Git20.078.229020Ed0D42
In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services.
network
low complexity
openwrt CWE-200
5.3
2019-12-03 CVE-2019-18993 Cross-site Scripting vulnerability in Openwrt 18.06.4
OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device).
network
low complexity
openwrt CWE-79
5.4
2019-12-03 CVE-2019-18992 Cross-site Scripting vulnerability in Openwrt 18.06.4
OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device).
network
low complexity
openwrt CWE-79
5.4
2019-11-18 CVE-2019-5102 Unspecified vulnerability in Openwrt 15.05.1/18.06.4
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1.
network
high complexity
openwrt
5.9
2019-11-18 CVE-2019-5101 Unspecified vulnerability in Openwrt 15.05.1/18.06.4
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1.
network
high complexity
openwrt
5.9
2018-11-28 CVE-2018-19630 Cross-site Scripting vulnerability in Openwrt Lede and Openwrt
cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI.
network
low complexity
openwrt CWE-79
6.1