Vulnerabilities > Openwrt > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-07 | CVE-2021-22161 | Infinite Loop vulnerability in Openwrt In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. | 6.5 |
| 2021-01-26 | CVE-2019-25015 | Cross-site Scripting vulnerability in Openwrt LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID. | 5.4 |
| 2020-03-23 | CVE-2020-10871 | Information Exposure vulnerability in Openwrt Luci Git20.049.11521Bebfe20/Git20.078.229020Ed0D42 In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. | 5.3 |
| 2019-12-03 | CVE-2019-18993 | Cross-site Scripting vulnerability in Openwrt 18.06.4 OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device). | 5.4 |
| 2019-12-03 | CVE-2019-18992 | Cross-site Scripting vulnerability in Openwrt 18.06.4 OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device). | 5.4 |
| 2019-11-18 | CVE-2019-5102 | Improper Certificate Validation vulnerability in Openwrt 15.05.1/18.06.4 An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. | 5.9 |
| 2019-11-18 | CVE-2019-5101 | Improper Certificate Validation vulnerability in Openwrt 15.05.1/18.06.4 An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. | 5.9 |
| 2018-11-28 | CVE-2018-19630 | Cross-site Scripting vulnerability in Openwrt Lede and Openwrt cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI. | 6.1 |