Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openwrt openwrt vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2021-28961
applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.
Openwrt Openwrt 19.07.0
6.5
CVSSv2
CVE-2018-11116
OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the f...
Openwrt Openwrt -
5
CVSSv2
CVE-2020-13859
An issue exists on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management...
Mofinetwork Mofi4500-4gxelte Firmware 4.0.8-std
5
CVSSv2
CVE-2020-11964
In IQrouter up to and including 3.3.1, the Lua function diag_set_password in the web-panel allows remote malicious users to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the force...
Evenroute Iqrouter Firmware
5
CVSSv2
CVE-2020-11968
In the web-panel in IQrouter up to and including 3.3.1, remote attackers can read system logs because of Incorrect Access Control. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configuration (which ...
Evenroute Iqrouter Firmware
5
CVSSv2
CVE-2020-10871
In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other ...
Openwrt Luci Git-20.049.11521-bebfe20
Openwrt Luci Git-20.078.22902-0ed0d42
5
CVSSv2
CVE-2020-7248
libubox in OpenWrt prior to 18.06.7 and 19.x prior to 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow.
Openwrt Openwrt
Openwrt Openwrt 19.07.0
5
CVSSv2
CVE-2019-19945
uhttpd in OpenWrt up to and including 18.06.5 and 19.x up to and including 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "...
Openwrt Openwrt 19.07.0
Openwrt Openwrt
2 Github repositories
5
CVSSv2
CVE-2017-9385
An issue exists on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password in the /et...
Getvera Veraedge Firmware
Getvera Veralite Firmware
4.3
CVSSv2
CVE-2021-32019
There is missing input validation of host names displayed in OpenWrt prior to 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
Openwrt Openwrt
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »