Vulnerabilities > Openwrt > Medium

DATE CVE VULNERABILITY TITLE RISK

2021-01-26 CVE-2019-25015 Cross-site Scripting vulnerability in Openwrt
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.
network, low complexity, openwrt, CWE-79, 5.4

2020-03-23 CVE-2020-10871 Information Exposure vulnerability in Openwrt Luci Git20.049.11521Bebfe20/Git20.078.229020Ed0D42
In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services.
network, low complexity, openwrt, CWE-200, 5.3

2019-12-03 CVE-2019-18993 Cross-site Scripting vulnerability in Openwrt 18.06.4
OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device).
network, low complexity, openwrt, CWE-79, 5.4

2019-12-03 CVE-2019-18992 Cross-site Scripting vulnerability in Openwrt 18.06.4
OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device).
network, low complexity, openwrt, CWE-79, 5.4

2019-11-18 CVE-2019-5102 Improper Certificate Validation vulnerability in Openwrt 15.05.1/18.06.4
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1.
network, high complexity, openwrt, CWE-295, 5.9

2019-11-18 CVE-2019-5101 Improper Certificate Validation vulnerability in Openwrt 15.05.1/18.06.4
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1.
network, high complexity, openwrt, CWE-295, 5.9

2019-10-18 CVE-2019-17367 Cross-Site Request Forgery (CSRF) vulnerability in Openwrt 18
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.
network, openwrt, CWE-352, 6.8

2018-11-28 CVE-2018-19630 Cross-site Scripting vulnerability in Openwrt Lede and Openwrt
cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI.
network, openwrt, CWE-79, 4.3