Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
luci vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-19117
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter.
Phicomm K2\\(psg1218\\) Firmware 22.5.9.163
4.3
CVSSv3
CVE-2020-5781
In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users.
Ignitenet Helios Glinq 2.2.1
8.8
CVSSv3
CVE-2017-17758
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua...
Tp-link Tl-wvr450l Firmware -
Tp-link Tl-wvr458l Firmware -
Tp-link Tl-wvr900l Firmware -
Tp-link Tl-wvr1200l Firmware -
Tp-link Tl-wvr1300l Firmware -
Tp-link Tl-wvr1750l Firmware -
Tp-link Tl-wvr2600l Firmware -
Tp-link Tl-wvr4300l Firmware -
Tp-link Tl-war450l Firmware -
Tp-link Tl-war458l Firmware -
Tp-link Tl-war900l Firmware -
Tp-link Tl-war1200l Firmware -
Tp-link Tl-war1300l Firmware -
Tp-link Tl-war1750l Firmware -
Tp-link Tl-war2600l Firmware -
8.8
CVSSv3
CVE-2017-17757
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua ...
Tp-link Tl-wvr450l Firmware -
Tp-link Tl-wvr458l Firmware -
Tp-link Tl-wvr900l Firmware -
Tp-link Tl-wvr1200l Firmware -
Tp-link Tl-wvr1300l Firmware -
Tp-link Tl-wvr1750l Firmware -
Tp-link Tl-wvr2600l Firmware -
Tp-link Tl-wvr4300l Firmware -
Tp-link Tl-war450l Firmware -
Tp-link Tl-war458l Firmware -
Tp-link Tl-war900l Firmware -
Tp-link Tl-war1200l Firmware -
Tp-link Tl-war1300l Firmware -
Tp-link Tl-war1750l Firmware -
Tp-link Tl-war2600l Firmware -
8.8
CVSSv3
CVE-2017-16957
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controll...
Tp-link Tl-wvr300 Firmware -
Tp-link Tl-wvr302 Firmware -
Tp-link Tl-wvr450 Firmware -
Tp-link Tl-wvr450l Firmware -
Tp-link Tl-wvr450g Firmware -
Tp-link Tl-wvr458 Firmware -
Tp-link Tl-wvr458l Firmware -
Tp-link Tl-wvr458p Firmware -
Tp-link Tl-wvr900g Firmware -
Tp-link Tl-wvr900l Firmware -
Tp-link Tl-wvr1200l Firmware -
Tp-link Tl-wvr1300l Firmware -
Tp-link Tl-wvr1300g Firmware -
Tp-link Tl-wvr1750l Firmware -
Tp-link Tl-war2600l Firmware -
Tp-link Tl-wvr4300l Firmware -
Tp-link Tl-war302 Firmware -
Tp-link Tl-war450 Firmware -
Tp-link Tl-war450l Firmware -
Tp-link Tl-war458 Firmware -
Tp-link Tl-war458l Firmware -
Tp-link Tl-war900l Firmware -
8.8
CVSSv3
CVE-2017-16958
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/...
Tp-link Tl-wvr300 Firmware -
Tp-link Tl-wvr302 Firmware -
Tp-link Tl-wvr450 Firmware -
Tp-link Tl-wvr450l Firmware -
Tp-link Tl-wvr450g Firmware -
Tp-link Tl-wvr458 Firmware -
Tp-link Tl-wvr458l Firmware -
Tp-link Tl-wvr458p Firmware -
Tp-link Tl-wvr900g Firmware -
Tp-link Tl-wvr900l Firmware -
Tp-link Tl-wvr1200l Firmware -
Tp-link Tl-wvr1300l Firmware -
Tp-link Tl-wvr1300g Firmware -
Tp-link Tl-wvr1750l Firmware -
Tp-link Tl-war2600l Firmware -
Tp-link Tl-wvr4300l Firmware -
Tp-link Tl-war302 Firmware -
Tp-link Tl-war450 Firmware -
Tp-link Tl-war450l Firmware -
Tp-link Tl-war458 Firmware -
Tp-link Tl-war458l Firmware -
Tp-link Tl-war900l Firmware -
8.8
CVSSv3
CVE-2017-16960
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/adm...
Tp-link Tl-wvr302 V2
Tp-link Tl-er6120g V2
Tp-link Tl-er6520g V3
Tp-link Tl-r488 V5
Tp-link Tl-r4299g V2
Tp-link Tl-r478 V6
Tp-link Tl-r478\\+ V7
Tp-link Tl-r478g\\+ V3
Tp-link Tl-r483 V5
Tp-link Tl-wvr900g V3
Tp-link Tl-er5510g V2
Tp-link Tl-er5510g V3
Tp-link Tl-er5520g V2
Tp-link Tl-er5520g V3
Tp-link Tl-wvr300 V4
Tp-link Tl-wvr450g V5
Tp-link Tl-er6520g V2
Tp-link Tl-r473 V5
Tp-link Tl-r483g V2
Tp-link Tl-r4239g V2
Tp-link Tl-wvr450 Firmware -
Tp-link Tl-wvr450l Firmware -
9.8
CVSSv3
CVE-2020-13859
An issue exists on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in /etc/shadow, coupled with a logic bug in the LuCI - OpenWrt Configuration Interface framework, allows the undocumented system account mofidev to login to the cgi-bin/luci/quick/wizard management...
Mofinetwork Mofi4500-4gxelte Firmware 4.0.8-std
5.4
CVSSv3
CVE-2019-25015
LuCI in OpenWrt 18.06.0 up to and including 18.06.4 allows stored XSS via a crafted SSID.
Openwrt Openwrt
6.5
CVSSv3
CVE-2017-16959
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-La...
Tp-link Tl-wvr300 Firmware -
Tp-link Tl-wvr302 Firmware -
Tp-link Tl-wvr450 Firmware -
Tp-link Tl-wvr450l Firmware -
Tp-link Tl-wvr450g Firmware -
Tp-link Tl-wvr458 Firmware -
Tp-link Tl-wvr458l Firmware -
Tp-link Tl-wvr458p Firmware -
Tp-link Tl-wvr900g Firmware -
Tp-link Tl-wvr900l Firmware -
Tp-link Tl-wvr1200l Firmware -
Tp-link Tl-wvr1300l Firmware -
Tp-link Tl-wvr1300g Firmware -
Tp-link Tl-wvr1750l Firmware -
Tp-link Tl-war2600l Firmware -
Tp-link Tl-wvr4300l Firmware -
Tp-link Tl-war302 Firmware -
Tp-link Tl-war450 Firmware -
Tp-link Tl-war450l Firmware -
Tp-link Tl-war458 Firmware -
Tp-link Tl-war458l Firmware -
Tp-link Tl-war900l Firmware -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002
CVE-2006-4304
CVE-2024-4336
CVE-2024-33437
CVE-2024-4340
CVE-2024-27956
privilege
insecure direct object reference
XSS
item search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »