CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-28961

applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 74.1%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://github.com/openwrt/luci/commit/9df7ea4d66644df69fcea18b36bc465912ffc
https://openwrt.org/advisory/2021-08-01-3
https://github.com/openwrt/luci/commit/9df7ea4d66644df69fcea18b36bc465912ffc
https://openwrt.org/advisory/2021-08-01-3

Products affected by CVE-2021-28961

Openwrt » Openwrt » Version: 19.07.0

cpe:2.3:o:openwrt:openwrt:19.07.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-28961

Products

Pricing

Contact Us