Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openwrt vulnerabilities and exploits
(subscribe to this query)
3.3
CVSSv3
CVE-2023-20726
In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880,...
Linuxfoundation Yocto 2.6
Linuxfoundation Yocto 3.3
Rdkcentral Rdkb 2022q3
Google Android 11.0
Google Android 12.0
Google Android 13.0
Openwrt Openwrt 19.07.0
Openwrt Openwrt 21.02.0
5.4
CVSSv3
CVE-2023-24182
LuCI openwrt-22.03 branch git-22.361.69894-438c598 exists to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js.
Openwrt Openwrt 22.03.3
5.4
CVSSv3
CVE-2023-24181
LuCI openwrt-22.03 branch git-22.361.69894-438c598 exists to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm.
Openwrt Luci 22.03.3
5.4
CVSSv3
CVE-2022-41435
OpenWRT LuCI version git-22.140.66206-02913be exists to contain a stored cross-site scripting (XSS) vulnerability in the component /system/sshkeys.js. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via crafted public key comments.
Openwrt Luci Git-22.140.66206-02913be
7.5
CVSSv3
CVE-2022-38333
Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows malicious users to access sensitive information via a crafted HTTP request.
Openwrt Openwrt 22.03.0
Openwrt Openwrt
5.4
CVSSv3
CVE-2021-45905
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.
Openwrt Openwrt 21.02.1
5.4
CVSSv3
CVE-2021-45904
OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.
Openwrt Openwrt 21.02.1
5.4
CVSSv3
CVE-2021-45906
OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.
Openwrt Openwrt 21.02.1
6.1
CVSSv3
CVE-2021-32019
There is missing input validation of host names displayed in OpenWrt prior to 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
Openwrt Openwrt
5.4
CVSSv3
CVE-2021-33425
A stored cross-site scripting (XSS) vulnerability exists in the Web Interface for OpenWRT LuCI version 19.07 which allows malicious users to inject arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation.
Openwrt Openwrt 19.07.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »