Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openwrt vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-20694
In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT...
Google Android 12.0
Google Android 13.0
Openwrt Openwrt 19.07.0
Openwrt Openwrt 21.02.0
NA
CVE-2023-32812
In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365.
Linuxfoundation Yocto 2.6
Google Android 13.0
Openwrt Openwrt 19.07.0
Openwrt Openwrt 21.02.0
NA
CVE-2023-32813
In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017370; Issue ID: ALPS08017370.
Linuxfoundation Yocto 2.6
Google Android 13.0
Openwrt Openwrt 19.07.0
Openwrt Openwrt 21.02.0
NA
CVE-2023-32815
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08037801; Issue ID: ALPS08037801.
Linuxfoundation Yocto 2.6
Google Android 13.0
Openwrt Openwrt 19.07.0
Openwrt Openwrt 21.02.0
NA
CVE-2024-20006
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148.
Rdkcentral Rdk-b 2022q3
Google Android 11.0
Openwrt Openwrt 19.07.0
Openwrt Openwrt 21.02.0
890
VMScore
CVE-2020-28951
libuci in OpenWrt prior to 18.06.9 and 19.x prior to 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.
Openwrt Openwrt
294
VMScore
CVE-2021-22161
In OpenWrt 19.07.x prior to 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 addres...
Openwrt Openwrt
383
VMScore
CVE-2021-32019
There is missing input validation of host names displayed in OpenWrt prior to 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
Openwrt Openwrt
312
VMScore
CVE-2019-25015
LuCI in OpenWrt 18.06.0 up to and including 18.06.4 allows stored XSS via a crafted SSID.
Openwrt Openwrt
578
VMScore
CVE-2018-11116
OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the f...
Openwrt Openwrt -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »