Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
luci vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-31853
Cudy LT400 1.13.4 is vulnerable Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter.
Cudy Lt400 Firmware 1.13.4
1 Github repository
6.1
CVSSv3
CVE-2023-31852
Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in cgi-bin/luci/admin/network/wireless/config via the iface parameter.
Cuby Lt400 Firmware 1.13.4
1 Github repository
7.8
CVSSv3
CVE-2020-14110
AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background.
Mi Ax3600 Firmware
6.1
CVSSv3
CVE-2023-31851
Cudy LT400 1.13.4 is has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter.
Cudy Lt400 Firmware 1.13.4
Cudy Lt400 Firmware 1.15.18
Cudy Lt400 Firmware 1.15.27
1 Github repository
7.5
CVSSv3
CVE-2023-50614
An issue discovereed in EBYTE E880-IR01-V1.1 allows an malicious user to obtain sensitive information via crafted POST request to /cgi-bin/luci.
Cdebyte E880-ir01 Firmware 1.1
5.4
CVSSv3
CVE-2023-24182
LuCI openwrt-22.03 branch git-22.361.69894-438c598 exists to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js.
Openwrt Openwrt 22.03.3
8.8
CVSSv3
CVE-2021-28961
applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.
Openwrt Openwrt 19.07.0
9.8
CVSSv3
CVE-2018-11482
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.
Tp-link Ipc Tl-ipc223\\(p\\)-6 Firmware
Tp-link Tl-ipc323k-d Firmware
Tp-link Tl-ipc325\\(kp\\) Firmware
Tp-link Tl-ipc40a-4 Firmware
8.8
CVSSv3
CVE-2021-43159
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the setSessionTime function in /cgi-bin/luci/api/common..
Ruijienetworks Reyeeos
8.8
CVSSv3
CVE-2021-43160
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnose.
Ruijienetworks Reyeeos
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »