Vulmon
luci vulnerabilities and exploits
605
VMScore
CVE-2019-17367
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.
Openwrt Openwrt 18
1 Github repository
668
VMScore
CVE-2019-12272
In OpenWrt LuCI up to and including 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.
Openwrt Luci
3 Github repositories
445
VMScore
CVE-2018-19879
An issue exists in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimit...
Teltonika Rut950 Firmware R 31.04.89
890
VMScore
CVE-2018-14010
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P prior to 2.14.5, R3C prior to 2.12.15, R3 prior to 2.22.15, and R3D prior to 2.26.4 devices allows a malicious user to execute any command via crafted JSON data.
Mi Xiaomi R3p Firmware
Mi Xiaomi R3c Firmware
Mi Xiaomi R3d Firmware
Mi Xiaomi R3
1 Github repository
890
VMScore
CVE-2018-14060
OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D prior to 2.26.4 devices allows a malicious user to execute any command via crafted JSON data.
Mi Xiaomi R3d Firmware
1 Github repository
578
VMScore
CVE-2018-11481
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.
Tp-link Ipc Tl-ipc223(p)-6 Firmware
Tp-link Tl-ipc323k-d Firmware
Tp-link Tl-ipc325(kp) Firmware
Tp-link Tl-ipc40a-4 Firmware
668
VMScore
CVE-2018-11482
/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.
Tp-link Ipc Tl-ipc223(p)-6 Firmware
Tp-link Tl-ipc323k-d Firmware
Tp-link Tl-ipc325(kp) Firmware
Tp-link Tl-ipc40a-4 Firmware
801
VMScore
CVE-2017-17758
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/controller/admin/dhcps.lua...
Tp-link Tl-wvr450l Firmware -
Tp-link Tl-wvr458l Firmware -
Tp-link Tl-wvr900l Firmware -
Tp-link Tl-wvr1200l Firmware -
Tp-link Tl-wvr1300l Firmware -
Tp-link Tl-wvr1750l Firmware -
Tp-link Tl-wvr2600l Firmware -
Tp-link Tl-wvr4300l Firmware -
Tp-link Tl-war450l Firmware -
Tp-link Tl-war458l Firmware -
Tp-link Tl-war900l Firmware -
Tp-link Tl-war1200l Firmware -
Tp-link Tl-war1300l Firmware -
Tp-link Tl-war1750l Firmware -
Tp-link Tl-war2600l Firmware -
801
VMScore
CVE-2017-17757
TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/wportal.lua ...
Tp-link Tl-wvr450l Firmware -
Tp-link Tl-wvr458l Firmware -
Tp-link Tl-wvr900l Firmware -
Tp-link Tl-wvr1200l Firmware -
Tp-link Tl-wvr1300l Firmware -
Tp-link Tl-wvr1750l Firmware -
Tp-link Tl-wvr2600l Firmware -
Tp-link Tl-wvr4300l Firmware -
Tp-link Tl-war450l Firmware -
Tp-link Tl-war458l Firmware -
Tp-link Tl-war900l Firmware -
Tp-link Tl-war1200l Firmware -
Tp-link Tl-war1300l Firmware -
Tp-link Tl-war1750l Firmware -
Tp-link Tl-war2600l Firmware -
801
VMScore
CVE-2017-16957
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controll...
Tp-link Tl-wvr300 Firmware -
Tp-link Tl-wvr302 Firmware -
Tp-link Tl-wvr450 Firmware -
Tp-link Tl-wvr450l Firmware -
Tp-link Tl-wvr450g Firmware -
Tp-link Tl-wvr458 Firmware -
Tp-link Tl-wvr458l Firmware -
Tp-link Tl-wvr458p Firmware -
Tp-link Tl-wvr900g Firmware -
Tp-link Tl-wvr900l Firmware -
Tp-link Tl-wvr1200l Firmware -
Tp-link Tl-wvr1300l Firmware -
Tp-link Tl-wvr1300g Firmware -
Tp-link Tl-wvr1750l Firmware -
Tp-link Tl-war2600l Firmware -
Tp-link Tl-wvr4300l Firmware -
Tp-link Tl-war302 Firmware -
Tp-link Tl-war450 Firmware -
Tp-link Tl-war450l Firmware -
Tp-link Tl-war458 Firmware -
Tp-link Tl-war458l Firmware -
Tp-link Tl-war900l Firmware -