Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
luci vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2021-43161
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch.
Ruijienetworks Reyeeos
578
VMScore
CVE-2021-43162
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in /cgi-bin/luci/api/diagnose.
Ruijienetworks Reyeeos
668
VMScore
CVE-2021-43163
A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth.
Ruijienetworks Reyeeos
890
VMScore
CVE-2018-14060
OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D prior to 2.26.4 devices allows an malicious user to execute any command via crafted JSON data.
Mi Xiaomi R3d Firmware
1 Github repository
312
VMScore
CVE-2019-18993
OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device).
Openwrt Openwrt 18.06.4
1 Github repository
312
VMScore
CVE-2021-33425
A stored cross-site scripting (XSS) vulnerability exists in the Web Interface for OpenWRT LuCI version 19.07 which allows malicious users to inject arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation.
Openwrt Openwrt 19.07.0
605
VMScore
CVE-2019-17367
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.
Openwrt Openwrt 18
1 Github repository
890
VMScore
CVE-2017-8116
The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and previous versions allows remote malicious users to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.
Teltonika Rut900 Firmware
Teltonika Rut905 Firmware
Teltonika Rut950 Firmware
Teltonika Rut955 Firmware
383
VMScore
CVE-2021-32019
There is missing input validation of host names displayed in OpenWrt prior to 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
Openwrt Openwrt
578
VMScore
CVE-2018-11481
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.
Tp-link Ipc Tl-ipc223\\(p\\)-6 Firmware
Tp-link Tl-ipc323k-d Firmware
Tp-link Tl-ipc325\\(kp\\) Firmware
Tp-link Tl-ipc40a-4 Firmware
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »