IDCVSSSummaryLast (major) updatePublished
CVE-2020-7982 6.8
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a
16-03-2020 - 22:15 16-03-2020 - 22:15
CVE-2018-11116 6.5
** DISPUTED ** OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible
03-10-2019 - 00:03 19-06-2018 - 21:29
CVE-2019-5101 4.3
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is inval
18-11-2019 - 18:15 18-11-2019 - 18:15
CVE-2019-5102 4.3
An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is inval
18-11-2019 - 18:15 18-11-2019 - 18:15
CVE-2019-19945 5.0
uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both
16-03-2020 - 19:56 16-03-2020 - 18:15
CVE-2020-7248 5.0
libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow.
16-03-2020 - 21:15 16-03-2020 - 21:15
CVE-2019-18992 3.5
OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/admin/network/firewall/rules URI: "Open ports on router" and "New forward rule" and "New Source NAT" (this can occur, for example, on a TP-Link Archer C7 device).
03-12-2019 - 20:15 03-12-2019 - 20:15
CVE-2019-18993 3.5
OpenWrt 18.06.4 allows XSS via the "New port forward" Name field to the cgi-bin/luci/admin/network/firewall/forwards URI (this can occur, for example, on a TP-Link Archer C7 device).
03-12-2019 - 20:15 03-12-2019 - 20:15
CVE-2019-17367 6.8
OpenWRT firmware version 18.06.4 is vulnerable to CSRF via wireless/radio0.network1, wireless/radio1.network1, firewall, firewall/zones, firewall/forwards, firewall/rules, network/wan, network/wan6, or network/lan under /cgi-bin/luci/admin/network/.
22-10-2019 - 13:32 18-10-2019 - 17:15
CVE-2018-19630 4.3
cgi_handle_request in uhttpd in OpenWrt through 18.06.1 and LEDE through 17.01 has unauthenticated reflected XSS via the URI, as demonstrated by a cgi-bin/?[XSS] URI.
31-12-2018 - 20:39 28-11-2018 - 10:29
Back to Top Mark selected
Back to Top