Vulmon
openwrt openwrt vulnerabilities and exploits
CVSSv2: 10
CVE-2020-28951
libuci in OpenWrt prior to 18.06.9 and 19.x prior to 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.
Openwrt Openwrt
CVSSv2: 9
CVE-2020-11967
In IQrouter up to and including 3.3.1, remote attackers can control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced in...
Evenroute Iqrouter Firmware
CVSSv2: 9
CVE-2017-17867
Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed becau...
Intenogroup Iopsys
Intenogroup Iopsys 4.0
1 EDB exploit
1 Github repository
CVSSv2: 7.8
CVE-2019-15513
An issue exists in OpenWrt libuci (aka Library for the Unified Configuration Interface) prior to 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device h...
Openwrt Libuci -
Motorola Cx2l Mwr04l Firmware 1.01
Motorola C1 Mwr03 Firmware 1.01
CVSSv2: 7.5
CVE-2020-11963
IQrouter up to and including 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating t...
Evenroute Iqrouter Firmware
CVSSv2: 7.5
CVE-2020-11965
In IQrouter up to and including 3.3.1, there is a root user without a password, which allows malicious users to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configu...
Evenroute Iqrouter Firmware
CVSSv2: 7.5
CVE-2020-11966
In IQrouter up to and including 3.3.1, the Lua function reset_password in the web-panel allows remote malicious users to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced i...
Evenroute Iqrouter Firmware
CVSSv2: 7.5
CVE-2019-12272
In OpenWrt LuCI up to and including 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.
Openwrt Luci
3 Github repositories
CVSSv2: 6.8
CVE-2020-7982
An issue exists in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager prior to 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle malicious user to ...
Openwrt Lede
Openwrt Openwrt
Openwrt Openwrt 19.07.0
1 Github repository
CVSSv2: 6.8
CVE-2019-17367
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.
Openwrt Openwrt 18
1 Github repository