Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
luci vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2019-17367
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.
Openwrt Openwrt 18
1 Github repository
668
VMScore
CVE-2019-12272
In OpenWrt LuCI up to and including 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.
Openwrt Luci
3 Github repositories
445
VMScore
CVE-2018-19879
An issue exists in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimit...
Teltonika Rut950 Firmware R 31.04.89
890
VMScore
CVE-2018-14060
OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D prior to 2.26.4 devices allows an malicious user to execute any command via crafted JSON data.
Mi Xiaomi R3d Firmware
1 Github repository
890
VMScore
CVE-2018-14010
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P prior to 2.14.5, R3C prior to 2.12.15, R3 prior to 2.22.15, and R3D prior to 2.26.4 devices allows an malicious user to execute any command via crafted JSON data.
Mi Xiaomi R3p Firmware
Mi Xiaomi R3c Firmware
Mi Xiaomi R3d Firmware
Mi Xiaomi R3
1 Github repository
578
VMScore
CVE-2018-11481
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.
Tp-link Ipc Tl-ipc223\\(p\\)-6 Firmware
Tp-link Tl-ipc323k-d Firmware
Tp-link Tl-ipc325\\(kp\\) Firmware
Tp-link Tl-ipc40a-4 Firmware
668
VMScore
CVE-2018-11482
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.
Tp-link Ipc Tl-ipc223\\(p\\)-6 Firmware
Tp-link Tl-ipc323k-d Firmware
Tp-link Tl-ipc325\\(kp\\) Firmware
Tp-link Tl-ipc40a-4 Firmware
801
VMScore
CVE-2017-17758
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua...
Tp-link Tl-wvr450l Firmware -
Tp-link Tl-wvr458l Firmware -
Tp-link Tl-wvr900l Firmware -
Tp-link Tl-wvr1200l Firmware -
Tp-link Tl-wvr1300l Firmware -
Tp-link Tl-wvr1750l Firmware -
Tp-link Tl-wvr2600l Firmware -
Tp-link Tl-wvr4300l Firmware -
Tp-link Tl-war450l Firmware -
Tp-link Tl-war458l Firmware -
Tp-link Tl-war900l Firmware -
Tp-link Tl-war1200l Firmware -
Tp-link Tl-war1300l Firmware -
Tp-link Tl-war1750l Firmware -
Tp-link Tl-war2600l Firmware -
801
VMScore
CVE-2017-17757
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua ...
Tp-link Tl-wvr450l Firmware -
Tp-link Tl-wvr458l Firmware -
Tp-link Tl-wvr900l Firmware -
Tp-link Tl-wvr1200l Firmware -
Tp-link Tl-wvr1300l Firmware -
Tp-link Tl-wvr1750l Firmware -
Tp-link Tl-wvr2600l Firmware -
Tp-link Tl-wvr4300l Firmware -
Tp-link Tl-war450l Firmware -
Tp-link Tl-war458l Firmware -
Tp-link Tl-war900l Firmware -
Tp-link Tl-war1200l Firmware -
Tp-link Tl-war1300l Firmware -
Tp-link Tl-war1750l Firmware -
Tp-link Tl-war2600l Firmware -
801
VMScore
CVE-2017-16960
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/adm...
Tp-link Tl-wvr302 V2
Tp-link Tl-er6120g V2
Tp-link Tl-er6520g V3
Tp-link Tl-r488 V5
Tp-link Tl-r4299g V2
Tp-link Tl-r478 V6
Tp-link Tl-r478\\+ V7
Tp-link Tl-r478g\\+ V3
Tp-link Tl-r483 V5
Tp-link Tl-wvr900g V3
Tp-link Tl-er5510g V2
Tp-link Tl-er5510g V3
Tp-link Tl-er5520g V2
Tp-link Tl-er5520g V3
Tp-link Tl-wvr300 V4
Tp-link Tl-wvr450g V5
Tp-link Tl-er6520g V2
Tp-link Tl-r473 V5
Tp-link Tl-r483g V2
Tp-link Tl-r4239g V2
Tp-link Tl-wvr450 Firmware -
Tp-link Tl-wvr450l Firmware -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »