Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openwrt openwrt vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-27821
The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution.
Openwrt Luci
4.3
CVSSv2
CVE-2019-5101
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exp...
Openwrt Openwrt 15.05.1
Openwrt Openwrt 18.06.4
4.3
CVSSv2
CVE-2019-5102
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exp...
Openwrt Openwrt 15.05.1
Openwrt Openwrt 18.06.4
4.3
CVSSv2
CVE-2018-19630
cgi_handle_request in uhttpd in OpenWrt up to and including 18.06.1 and LEDE up to and including 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI.
Openwrt Openwrt
Openwrt Lede
3.5
CVSSv2
CVE-2021-45904
OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.
Openwrt Openwrt 21.02.1
3.5
CVSSv2
CVE-2021-45905
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.
Openwrt Openwrt 21.02.1
3.5
CVSSv2
CVE-2021-45906
OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.
Openwrt Openwrt 21.02.1
3.5
CVSSv2
CVE-2021-33425
A stored cross-site scripting (XSS) vulnerability exists in the Web Interface for OpenWRT LuCI version 19.07 which allows malicious users to inject arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation.
Openwrt Openwrt 19.07.0
3.5
CVSSv2
CVE-2019-25015
LuCI in OpenWrt 18.06.0 up to and including 18.06.4 allows stored XSS via a crafted SSID.
Openwrt Openwrt
3.5
CVSSv2
CVE-2019-18992
OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device).
Openwrt Openwrt 18.06.4
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »