Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openwrt luci vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-24182
LuCI openwrt-22.03 branch git-22.361.69894-438c598 exists to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js.
Openwrt Openwrt 22.03.3
NA
CVE-2023-24181
LuCI openwrt-22.03 branch git-22.361.69894-438c598 exists to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm.
Openwrt Luci 22.03.3
NA
CVE-2022-41435
OpenWRT LuCI version git-22.140.66206-02913be exists to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via crafted public key comments.
Openwrt Luci Git-22.140.66206-02913be
4.3
CVSSv2
CVE-2021-32019
There is missing input validation of host names displayed in OpenWrt prior to 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
Openwrt Openwrt
3.5
CVSSv2
CVE-2021-33425
A stored cross-site scripting (XSS) vulnerability exists in the Web Interface for OpenWRT LuCI version 19.07 which allows malicious users to inject arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation.
Openwrt Openwrt 19.07.0
4.3
CVSSv2
CVE-2021-27821
The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution.
Openwrt Luci
6.5
CVSSv2
CVE-2021-28961
applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.
Openwrt Openwrt 19.07.0
5
CVSSv2
CVE-2020-13859
An issue exists on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management...
Mofinetwork Mofi4500-4gxelte Firmware 4.0.8-std
3.5
CVSSv2
CVE-2019-25015
LuCI in OpenWrt 18.06.0 up to and including 18.06.4 allows stored XSS via a crafted SSID.
Openwrt Openwrt
5
CVSSv2
CVE-2020-10871
In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other ...
Openwrt Luci Git-20.049.11521-bebfe20
Openwrt Luci Git-20.078.22902-0ed0d42
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »