Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
luci vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-31853
Cudy LT400 1.13.4 is vulnerable Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter.
Cudy Lt400 Firmware 1.13.4
1 Github repository
4.6
CVSSv2
CVE-2020-14110
AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background.
Mi Ax3600 Firmware
NA
CVE-2023-31852
Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in cgi-bin/luci/admin/network/wireless/config via the iface parameter.
Cuby Lt400 Firmware 1.13.4
1 Github repository
NA
CVE-2023-50614
An issue discovereed in EBYTE E880-IR01-V1.1 allows an malicious user to obtain sensitive information via crafted POST request to /cgi-bin/luci.
Cdebyte E880-ir01 Firmware 1.1
NA
CVE-2023-24182
LuCI openwrt-22.03 branch git-22.361.69894-438c598 exists to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js.
Openwrt Openwrt 22.03.3
NA
CVE-2023-31851
Cudy LT400 1.13.4 is has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter.
Cudy Lt400 Firmware 1.13.4
Cudy Lt400 Firmware 1.15.18
Cudy Lt400 Firmware 1.15.27
1 Github repository
6.5
CVSSv2
CVE-2021-28961
applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.
Openwrt Openwrt 19.07.0
7.5
CVSSv2
CVE-2018-11482
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.
Tp-link Ipc Tl-ipc223\\(p\\)-6 Firmware
Tp-link Tl-ipc323k-d Firmware
Tp-link Tl-ipc325\\(kp\\) Firmware
Tp-link Tl-ipc40a-4 Firmware
6.5
CVSSv2
CVE-2021-43161
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch.
Ruijienetworks Reyeeos
6.5
CVSSv2
CVE-2021-43159
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the setSessionTime function in /cgi-bin/luci/api/common..
Ruijienetworks Reyeeos
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »