There is missing input validation of host names displayed in OpenWrt prior to 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openwrt openwrt |