Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openwrt vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2021-33425
A stored cross-site scripting (XSS) vulnerability exists in the Web Interface for OpenWRT LuCI version 19.07 which allows malicious users to inject arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation.
Openwrt Openwrt 19.07.0
6.5
CVSSv2
CVE-2021-28961
applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.
Openwrt Openwrt 19.07.0
3.3
CVSSv2
CVE-2021-22161
In OpenWrt 19.07.x prior to 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 addres...
Openwrt Openwrt
5
CVSSv2
CVE-2020-13859
An issue exists on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management...
Mofinetwork Mofi4500-4gxelte Firmware 4.0.8-std
3.5
CVSSv2
CVE-2019-25015
LuCI in OpenWrt 18.06.0 up to and including 18.06.4 allows stored XSS via a crafted SSID.
Openwrt Openwrt
10
CVSSv2
CVE-2020-28951
libuci in OpenWrt prior to 18.06.9 and 19.x prior to 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.
Openwrt Openwrt
7.5
CVSSv2
CVE-2020-11963
IQrouter up to and including 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating t...
Evenroute Iqrouter Firmware
5
CVSSv2
CVE-2020-11964
In IQrouter up to and including 3.3.1, the Lua function diag_set_password in the web-panel allows remote malicious users to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the force...
Evenroute Iqrouter Firmware
7.5
CVSSv2
CVE-2020-11965
In IQrouter up to and including 3.3.1, there is a root user without a password, which allows malicious users to gain full remote access via SSH. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configu...
Evenroute Iqrouter Firmware
7.5
CVSSv2
CVE-2020-11966
In IQrouter up to and including 3.3.1, the Lua function reset_password in the web-panel allows remote malicious users to change the root password arbitrarily. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced i...
Evenroute Iqrouter Firmware
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »