Vulmon
openwrt vulnerabilities and exploits
6.8
CVSSv2
CVE-2020-7982
An issue exists in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager prior to 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle malicious user to ...
Openwrt Lede
Openwrt Openwrt
Openwrt Openwrt 19.07.0
1 Github repository
NA
CVE-2022-38333
OpenWrt before v21.02.3 and OpenWrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows malicious users to access sensitive information via a crafted HTTP request.
Openwrt Openwrt 22.03.0
Openwrt Openwrt
5
CVSSv2
CVE-2019-19945
uhttpd in OpenWrt up to and including 18.06.5 and 19.x up to and including 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "...
Openwrt Openwrt 19.07.0
Openwrt Openwrt
2 Github repositories
5
CVSSv2
CVE-2020-7248
libubox in OpenWrt prior to 18.06.7 and 19.x prior to 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow.
Openwrt Openwrt
Openwrt Openwrt 19.07.0
4.3
CVSSv2
CVE-2019-5101
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exp...
Openwrt Openwrt 15.05.1
Openwrt Openwrt 18.06.4
4.3
CVSSv2
CVE-2019-5102
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exp...
Openwrt Openwrt 15.05.1
Openwrt Openwrt 18.06.4
NA
CVE-2023-20820
In wlan service, there is a possible command injection due to improper input validation. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00244189; Issue ID: WCNCR00244189.
Openwrt Openwrt 19.07.0
Openwrt Openwrt 21.02.0
NA
CVE-2023-20695
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT689...
Google Android 13.0
Openwrt Openwrt 19.07.0
Openwrt Openwrt 21.02.0
NA
CVE-2023-20696
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT...
Google Android 13.0
Openwrt Openwrt 19.07.0
Openwrt Openwrt 21.02.0
4.3
CVSSv2
CVE-2018-19630
cgi_handle_request in uhttpd in OpenWrt up to and including 18.06.1 and LEDE up to and including 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI.
Openwrt Lede
Openwrt Openwrt