Vulmon
luci vulnerabilities and exploits
6.8
CVSSv2
CVE-2019-17367
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.
Openwrt Openwrt 18
1 Github repository
7.5
CVSSv2
CVE-2019-12272
In OpenWrt LuCI up to and including 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.
Openwrt Luci
3 Github repositories
5
CVSSv2
CVE-2018-19879
An issue exists in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimit...
Teltonika Rut950 Firmware R 31.04.89
10
CVSSv2
CVE-2018-14010
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P prior to 2.14.5, R3C prior to 2.12.15, R3 prior to 2.22.15, and R3D prior to 2.26.4 devices allows a malicious user to execute any command via crafted JSON data.
Mi Xiaomi R3p Firmware
Mi Xiaomi R3c Firmware
Mi Xiaomi R3d Firmware
Mi Xiaomi R3
1 Github repository
10
CVSSv2
CVE-2018-14060
OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D prior to 2.26.4 devices allows a malicious user to execute any command via crafted JSON data.
Mi Xiaomi R3d Firmware
1 Github repository
6.5
CVSSv2
CVE-2018-11481
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.
Tp-link Ipc Tl-ipc223(p)-6 Firmware
Tp-link Tl-ipc323k-d Firmware
Tp-link Tl-ipc325(kp) Firmware
Tp-link Tl-ipc40a-4 Firmware
7.5
CVSSv2
CVE-2018-11482
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.
Tp-link Ipc Tl-ipc223(p)-6 Firmware
Tp-link Tl-ipc323k-d Firmware
Tp-link Tl-ipc325(kp) Firmware
Tp-link Tl-ipc40a-4 Firmware
9
CVSSv2
CVE-2017-17757
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua ...
Tp-link Tl-wvr450l Firmware -
Tp-link Tl-wvr458l Firmware -
Tp-link Tl-wvr900l Firmware -
Tp-link Tl-wvr1200l Firmware -
Tp-link Tl-wvr1300l Firmware -
Tp-link Tl-wvr1750l Firmware -
Tp-link Tl-wvr2600l Firmware -
Tp-link Tl-wvr4300l Firmware -
Tp-link Tl-war450l Firmware -
Tp-link Tl-war458l Firmware -
Tp-link Tl-war900l Firmware -
Tp-link Tl-war1200l Firmware -
Tp-link Tl-war1300l Firmware -
Tp-link Tl-war1750l Firmware -
Tp-link Tl-war2600l Firmware -
9
CVSSv2
CVE-2017-17758
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua...
Tp-link Tl-wvr450l Firmware -
Tp-link Tl-wvr458l Firmware -
Tp-link Tl-wvr900l Firmware -
Tp-link Tl-wvr1200l Firmware -
Tp-link Tl-wvr1300l Firmware -
Tp-link Tl-wvr1750l Firmware -
Tp-link Tl-wvr2600l Firmware -
Tp-link Tl-wvr4300l Firmware -
Tp-link Tl-war450l Firmware -
Tp-link Tl-war458l Firmware -
Tp-link Tl-war900l Firmware -
Tp-link Tl-war1200l Firmware -
Tp-link Tl-war1300l Firmware -
Tp-link Tl-war1750l Firmware -
Tp-link Tl-war2600l Firmware -
9
CVSSv2
CVE-2017-16958
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/...
Tp-link Tl-wvr300 Firmware -
Tp-link Tl-wvr302 Firmware -
Tp-link Tl-wvr450 Firmware -
Tp-link Tl-wvr450l Firmware -
Tp-link Tl-wvr450g Firmware -
Tp-link Tl-wvr458 Firmware -
Tp-link Tl-wvr458l Firmware -
Tp-link Tl-wvr458p Firmware -
Tp-link Tl-wvr900g Firmware -
Tp-link Tl-wvr900l Firmware -
Tp-link Tl-wvr1200l Firmware -
Tp-link Tl-wvr1300l Firmware -
Tp-link Tl-wvr1300g Firmware -
Tp-link Tl-wvr1750l Firmware -
Tp-link Tl-war2600l Firmware -
Tp-link Tl-wvr4300l Firmware -
Tp-link Tl-war302 Firmware -
Tp-link Tl-war450 Firmware -
Tp-link Tl-war450l Firmware -
Tp-link Tl-war458 Firmware -
Tp-link Tl-war458l Firmware -
Tp-link Tl-war900l Firmware -