CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Openwrt : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-45906 79 XSS 2021-12-27 2022-01-03
3.5
None Remote Medium ??? None Partial None
OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.
2 CVE-2021-45905 79 XSS 2021-12-27 2022-01-03
3.5
None Remote Medium ??? None Partial None
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.
3 CVE-2021-45904 79 XSS 2021-12-27 2022-01-03
3.5
None Remote Medium ??? None Partial None
OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.
4 CVE-2021-33425 79 XSS 2021-05-25 2021-11-23
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation.
5 CVE-2021-32019 79 XSS 2021-08-02 2021-08-11
4.3
None Remote Medium Not required None Partial None
There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
6 CVE-2021-28961 77 2021-03-21 2021-09-16
6.5
None Remote Low ??? Partial Partial Partial
applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.
7 CVE-2021-27821 79 Exec Code XSS 2021-05-25 2021-06-03
4.3
None Remote Medium Not required None Partial None
The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site scripting vulnerability which can lead to attackers carrying out arbitrary code execution.
8 CVE-2021-22161 835 2021-02-07 2021-02-11
3.3
None Local Network Low Not required None None Partial
In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excessive network traffic between an affected device and its upstream ISP's router. This occurs when a link prefix route points to a point-to-point link, a destination IPv6 address belongs to the prefix and is not a local IPv6 address, and a router advertisement is received with at least one global unique IPv6 prefix for which the on-link flag is set. This affects the netifd and odhcp6c packages.
9 CVE-2020-28951 416 2020-11-19 2020-12-02
10.0
None Remote Low Not required Complete Complete Complete
libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c.
10 CVE-2020-10871 200 +Info 2020-03-23 2020-03-30
5.0
None Remote Low Not required Partial None None
** DISPUTED ** In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packages and services. NOTE: the vendor disputes the significance of this report because, for instances reachable by an unauthenticated actor, the same information is available in other (more complex) ways, and there is no plan to restrict the information further.
11 CVE-2020-7982 345 2020-03-16 2022-04-18
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification).
12 CVE-2020-7248 787 Overflow 2020-03-16 2022-05-09
5.0
None Remote Low Not required None None Partial
libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow.
13 CVE-2019-25015 79 XSS 2021-01-26 2021-01-29
3.5
None Remote Medium ??? None Partial None
LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.
14 CVE-2019-19945 125 2020-03-16 2020-08-24
5.0
None Remote Low Not required None None Partial
uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value.
15 CVE-2019-18993 79 XSS 2019-12-03 2019-12-16
3.5
None Remote Medium ??? None Partial None
OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device).
16 CVE-2019-18992 79 XSS 2019-12-03 2019-12-16
3.5
None Remote Medium ??? None Partial None
OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device).
17 CVE-2019-17367 352 CSRF 2019-10-18 2019-10-22
6.8
None Remote Medium Not required Partial Partial Partial
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.
18 CVE-2019-15513 667 2019-08-23 2021-01-03
7.8
None Remote Low Not required None None Complete
An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang.
19 CVE-2019-12272 78 2019-05-23 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability.
20 CVE-2019-5102 295 +Info 2019-11-18 2022-06-21
4.3
None Remote Medium Not required Partial None None
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.
21 CVE-2019-5101 295 +Info 2019-11-18 2022-06-21
4.3
None Remote Medium Not required Partial None None
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. After an SSL connection is initialized via _ustream_ssl_init, and after any data (e.g. the client's HTTP request) is written to the stream using ustream_printf, the code eventually enters the function __ustream_ssl_poll, which is used to dispatch the read/write events
22 CVE-2018-19630 79 XSS 2018-11-28 2018-12-31
4.3
None Remote Medium Not required None Partial None
cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI.
23 CVE-2018-11116 732 Exec Code 2018-06-19 2019-12-20
6.5
None Remote Low ??? Partial Partial Partial
** DISPUTED ** OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. NOTE: The developer disputes this as a vulnerability, indicating that rpcd functions appropriately.
Total number of vulnerabilities : 23   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.