Published: 03/12/2019 Updated: 24/05/2023

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device).

Vulnerable Product	Search on Vulmon	Subscribe to Product
openwrt openwrt 18.06.4

These are series of activities based on the vulnerabilities found in OpenWrt by our team.

References nvdnistgov/vuln/detail/CVE-2019-17367 nvdnistgov/vuln/detail/CVE-2019-18992 OpenWrt-vulnerabilities Currently this project consists of 2 zero-day vulnerabilities (CVE-2019-18992 and CVE-2019-17367) that we discovered in OpenWrt firmware This project aims to create and publish Proof-of-Concept attack payloads for various vulnerabilities found in

CWE-79 https://github.com/openwrt/luci/commit/3961268597abba4c2b231790cb4aa7936e73cdf8 https://nvd.nist.gov https://github.com/paragmhatre1993/OpenWrt-vulnerabilities

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-18992

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect