cgi_handle_request in uhttpd in OpenWrt up to and including 18.06.1 and LEDE up to and including 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openwrt openwrt |
||
openwrt lede |