Filtered by vendor Openwrt
Subscribe
Total
50 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7982 | 1 Openwrt | 2 Lede, Openwrt | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification). | |||||
CVE-2019-19945 | 1 Openwrt | 1 Openwrt | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value. | |||||
CVE-2019-5102 | 1 Openwrt | 1 Openwrt | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. | |||||
CVE-2019-18993 | 1 Openwrt | 1 Openwrt | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device). | |||||
CVE-2019-17367 | 1 Openwrt | 1 Openwrt | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/. | |||||
CVE-2019-18992 | 1 Openwrt | 1 Openwrt | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device). | |||||
CVE-2019-5101 | 1 Openwrt | 1 Openwrt | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. After an SSL connection is initialized via _ustream_ssl_init, and after any data (e.g. the client's HTTP request) is written to the stream using ustream_printf, the code eventually enters the function _ustream_ssl_poll, which is used to dispatch the read/write events | |||||
CVE-2019-15513 | 2 Motorola, Openwrt | 5 C1 Mwr03, C1 Mwr03 Firmware, Cx2l Mwr04l and 2 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang. | |||||
CVE-2019-12272 | 1 Openwrt | 1 Luci | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability. | |||||
CVE-2018-19630 | 1 Openwrt | 2 Lede, Openwrt | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI. |